How can I use passive FTP through the Pix Firewall? I've tried everything to get this to work. I've tried using established commands. I've tried using conduit commands enabling all the high ports back to the originating host (1024-65535). Nothing is working.
However, once I do "no fixup protocol ftp" it works just fine. However, our other FTP operations fail when I do this. Is there any way I can get these two functions to work through our PIX?
Huge thanks in advance. My company is very dependent on these services.
8:08:02am %PIX-5-106015: Deny TCP (no connection) from a.b.c.d/80 to flags PSH ACK
It looks like the PIX tears down the connection before I'm finished. Any reason why? Is there a timeout issue going on? This has been working for a few months now. I had to turn off our PIXes to move them to a new location, and then brought them back up. The contents of the memory were saved. I'm having the hardest time trying to figure this out.
When you do the no ftp fixup protocol, you are disabling the ftp server to open the ftp data connection to the client to establish the data connections. If you want both port mode and passive mode to work at the same time, add an access list that specifically allows the ftp servers to open data connections from port 21 to the clients. Good luck.
Thank you very much for your response! That makes a lot of sense. Would I also use a conduit command opening up the port back through the firewall, or would I just need an access-list? I have one access-list applied to my inside interface, and use conduit commands to come back through the firewall into my private network.