Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Pix 520 and Passive ftp sessions.

We have been running into the problem with vendors that we initiate FTP sessions to. We do not allow inbound access and passive connections will not work with their FTP server. They use Microsoft FTP servers and they have port security setup on them. We have tried the ftp Quote command but it still does not work. They are willing to work with us but do not know what changes would allow us to make passive connections without compromising their security.


Re: Pix 520 and Passive ftp sessions.

Generally speaking, the FTP server and its network is more secure with Active FTP because only one port needs to be opened inbound to the FTP server. (21) Passive requires some range of upper ports to be opened. (1024-5000 by default for IIS)

Microsoft IIS/FTP supports Active FTP. What firewall is on your side?

New Member

Re: Pix 520 and Passive ftp sessions.

I have a Cisco pix 520.


Re: Pix 520 and Passive ftp sessions.

Since you have a Pix 520, the fixup for FTP will take care of the port negotiation on your side. I suggest you have them enable Active FTP to provide the highest security on their side while providing the functionality for your FTP clients.

What kind of firewall is on their side?

CreatePlease to create content