Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Outgoing FTP Connection Fails

I'm using FileZilla to connect to a passive FTP server on some other LAN. Connection always fails. I used debug to trace and got this:

ftp: (192.168.1.51/17449 -> 72.3.177.105/21)

ftp: empty ack packet

tcpseq: rexmit packet seq=2703977631, snd_next=2703977632, window (2703977632-2704042751)

ftp: (192.168.1.51/17449 <- 72.3.177.105/21)

ftp: empty ack packet

tcpseq: rexmit packet seq=723827714, snd_next=723829195, window (723827714-723893259)

ftp: (192.168.1.51/24467 -> 72.3.177.105/21)

ftp: empty ack packet

ftp: (192.168.1.51/24467 <- 72.3.177.105/21)

ftp: empty ack packet

ftp: (192.168.1.51/24467 -> 72.3.177.105/21)

ftp: empty ack packet

User name & pass are correct because connection to the FTP site works from my PIX at home.

If I send a config file can someone look at it and see why connections are not estabilshing? It's probably due to the access-list or lack of an entry, but I don't know where.

We have our own internal FTP server which works fine from the outside.

Fixup 21 is running.

I connected to ftp.cisco.com with no problem.

Thanks for any help you can give,

Vince

14 REPLIES

Re: Outgoing FTP Connection Fails

Vince,

Post away and we can help you out.

Patrick

New Member

Re: Outgoing FTP Connection Fails

Thanks Patrick. Here's the conf as of this morning.

Regards,

Vince

Re: Outgoing FTP Connection Fails

Vince,

Questions

This FTP site is it out on the internet or is it behind your PIX. Can you give us a brief description of where everything is logically located example:

FTPserver---Internet----PIX---CLIENT or

CLIENT---Internet---PIX---RTR---FTPserver

From your config and your post I'm guessing its out in the internet.

Patrick

New Member

Re: Outgoing FTP Connection Fails

I'm behind a PIX 515e; that's the config for it.

I'm trying to get to ftp.nitrosell.com. There is a user name and password for the site.

I don't know if the FTP server (ftp.nitrosell.com) is behind a router or firewall.

My setup:

My PC-> PIX515e-> ->FTP.nitrosell.com (supposedly it's passive FTP)

Again, this connection has been made from behind my PIX 501 at home. the FTP cleint is not the problem. I've connected from MS FTP client and others from outside my business' network.

Thanks,

Vince

New Member

Re: Outgoing FTP Connection Fails

Correction- There is a router on my network.

My setup:

My PC-> PIX515e-> Cisco 1700-> FTP.nitrosell.com (supposedly it's passive FTP)

The 1700 is not controlled by us, it's controlled by the ISP (AT&T) It's not suppose to block anything.

Re: Outgoing FTP Connection Fails

I don't see anything specifically that should be causing this problem. I'm sure you have tried other ftp sites but what was the results of using some other ftp program to connect to that server, and using filezilla to other ftp servers?

Patrick

New Member

Re: Outgoing FTP Connection Fails

Well, I have tried several FTP clients. I tried the Cisco FTP site with the client and it worked fine.

FileZilla was recommended by Nitrosell, the FTP host.

Can you recommend any FTP clients.

New Member

Re: Outgoing FTP Connection Fails

Have tried 3 other FTP clients, here is a log from one:

Status: Connecting to ftp.nitrosell.com ...

Trace: FtpControlSocket.cpp(921): OnConnect(0) OpMode=1 OpState=-1 caller=0x003ad224

Status: Connected with ftp.nitrosell.com. Waiting for welcome message...

Error: Timeout detected!

Trace: FtpControlSocket.cpp(1060): DoClose(0) OpMode=1 OpState=-1 caller=0x003ad224

Trace: FtpControlSocket.cpp(3882): ResetOperation(4100) OpMode=1 OpState=-1 caller=0x003ad224

Error: Unable to connect!

Status: Waiting to retry... (5 retries left)

Status: Connecting to ftp.nitrosell.com ...

Trace: FtpControlSocket.cpp(921): OnConnect(0) OpMode=1 OpState=-1 caller=0x003ad224

Status: Connected with ftp.nitrosell.com. Waiting for welcome message...

Error: Timeout detected!

Trace: FtpControlSocket.cpp(1060): DoClose(0) OpMode=1 OpState=-1 caller=0x003ad224

Trace: FtpControlSocket.cpp(3882): ResetOperation(4100) OpMode=1 OpState=-1 caller=0x003ad224

Error: Unable to connect!

Status: Waiting to retry... (4 retries left)

Status: Connecting to ftp.nitrosell.com ...

Trace: FtpControlSocket.cpp(921): OnConnect(0) OpMode=1 OpState=-1 caller=0x003ad224

Status: Connected with ftp.nitrosell.com. Waiting for welcome message...

New Member

Re: Outgoing FTP Connection Fails

try to create a global policy. here are the statements:

class-map inspection_default

match default-inspection-traffic

policy-map global_policy

class inspection_default

inspection ftp

inspection icmp

service-policy global_policy global

Let me know if this helps

New Member

Re: Outgoing FTP Connection Fails

I just found out something that might make this more clear. I think it's a NAT problem. I read a few Cisco FTP troubleshooting docs and found some info that pointed me to NAT.

Our Web server has a global address that translated to an internal address, so I tested the Nitrosell FTP server from my web server and I got connected.

However, I don't know what to do about it without messing up the configuration. I don't have a PIX test environment.

What can I do to resolve this and not break my setup? Will the global policy help with this issue?

My config file is posted, Please advise.

Thanks for your help,

Vince

Green

Re: Outgoing FTP Connection Fails

Have you tried it as a standard FTP? (i.e., not "passive")?

New Member

Re: Outgoing FTP Connection Fails

I've tried every which way. I tried active again just now and it didn't connect.

Green

Re: Outgoing FTP Connection Fails

Are there any other paths out of your network to the Internet, and / or, are you using any proxies?

If the data was leaving from another path and returning via the PIX, the state engine would drop the traffic because it didn't see the original (outbound) requests.

Also, have you checked your PC for software firewalls (i.e., Black Ice or ZoneAlarm)?

Does the DOS command line FTP do the same thing?

Good Luck

Scott

Silver

Re: Outgoing FTP Connection Fails

One advise to isolate the problem, try to connect your PC to the outside switch and get a free real IP from the subnet allocated by your ISP. Try to FTP, if it works than the problem is on the PIX and if not then the problem is from the router to ISP. If the FTP works from outside try to make a special global NAT On the pix for your pc from the inside and try to see if it works aswell.

Let me know if the above works,

524
Views
0
Helpful
14
Replies
CreatePlease to create content