Passive FTP does not work from outside through static all ports open
Have FTP clients connecting from the outside of a PIX to an FTP server on the inside. Active FTP and passive FTP work fine internally. Have a one-to-one static mapping of a global IP address on the outside to the FTP server on the inside. Active FTP from the clients works fine but passive FTP does not work. In fact, opened all the ports using conduit and it still does not work.
This is what I have already done.
1. Opened all ports for the FTP server.
2. Configured norandomseq on the static.
Will disabling fixup ftp help?
Version of PIX code: 6.01.
Also another question. Although I enter the norandomseq option for a particular static statement, it does not reflect in the running config. Is it a default option or is there something wrong in the code? Tried removing the static command and adding it back with the norandomseq option.
Re: Passive FTP does not work from outside through static all po
Disabling the 'fixup protocol ftp' will not solve your problem. If you do that, the active FTP will also stop working.
With active FTP, both the 'control' and the 'data' channel are initiated by the client. With passive FTP the client initiates the 'control' channel and the server initiates the 'data' channel. So something is preventing the FTP server from setting up the 'data' channel back to the client.
Is there an access-list applied to the inside interface preventing the server from setting up the data channel?
Is it possible to try replacing the 'conduit' commands with 'access-list' commands?
If it still doesn't work, could you please post the config (!!replace public addresses and passwords!!)?
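Added example, not part of either post: a Python check for the `227` reply to `PASV` as captured on an outside client. Per RFC 959 the reply carries the data-connection address and port as six decimal numbers; if it still shows the server's inside address rather than the global address of the static, the embedded address was not translated on the way out. All addresses and function names here are constructed for illustration.

```python
import ipaddress
import re

# RFC 959: "227 ... (h1,h2,h3,h4,p1,p2)" -> host h1.h2.h3.h4, port p1*256+p2
_PASV_RE = re.compile(r"^227[ -].*?" + ",".join([r"(\d{1,3})"] * 6))

# RFC 1918 ranges, i.e. addresses that should never reach an outside client
_INSIDE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return (ip_string, port) advertised in a 227 reply, or None."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet or port byte
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def diagnose(reply, global_ip):
    """Classify a 227 reply seen outside the firewall.

    global_ip is the outside address of the one-to-one static.
    """
    parsed = parse_pasv(reply)
    if parsed is None:
        return "not-227"
    ip = ipaddress.IPv4Address(parsed[0])
    if ip == ipaddress.IPv4Address(global_ip):
        return "translated"             # embedded address matches the static
    if any(ip in net for net in _INSIDE):
        return "inside-address-leaked"  # client is told an unroutable address
    return "mismatch"                   # some other address; check the static


if __name__ == "__main__":
    # Constructed sample replies; 203.0.113.10 stands in for the global address.
    for line in ("227 Entering Passive Mode (192,168,1,10,19,137)",
                 "227 Entering Passive Mode (203,0,113,10,19,137)"):
        print(parse_pasv(line), diagnose(line, "203.0.113.10"))
```

A result of `inside-address-leaked` points at the control-channel rewrite, while `translated` with a failing data connection points at filtering of the advertised data port.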