New Member

PIX

Hi ppl,

I am trying to FTP from a LAN behind a firewall to our HQ, which is running PIX 5.1. We have created an ACL to allow my source IP (1.1.1.1) to the FTP server (2.2.2.2), but I got "connection timed out". My syslog only showed the following:

<87>Feb 22 2004 12:32:46: %PIX-4-106019: IP packet from 1.1.1.1 to 2.2.2.2, protocol 17 received from interface "outside" deny by access-group "ACL_in"

I understand that protocol 17 is used by UDP, but what causes my FTP to become a UDP protocol? fixup protocol 21 was configured. Could NAT or PAT cause the problem?

Advice needed, thank you!

3 REPLIES
Gold

Re: PIX

Hi,

This error is logged when you have a deny ACL statement applied to the relevant interface, i.e. your outside interface. Check the ACLs that are applied on the outside interface.

Thanks - Jay

New Member

Re: PIX

Thanks Jay, our ACL only allows port 80 and FTP, but not UDP. My query is that I was connecting using FTP from one site behind a firewall to our HQ, which is running PIX. But on the PIX syslog, the only traffic that I can see from this source address to the FTP server is protocol 17 (UDP) instead of what I am expecting (FTP 21). Will NAT or PAT cause the problem?

Thanks!!! :)

New Member

Re: PIX

Hi,

Please check these things:

1) Do you have any ACL applied on the inside interface? (for testing)

2) Apply the ACL you used on the outside interface, direction out, in the ACL group.

3) telnet 2.2.2.2 21

Thanks

sat
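
Added example, not part of any post in this thread: a small Python parser for the %PIX-4-106019 message format quoted in the question. It tallies denied packets per source, destination, IP protocol and access-group, so you can see which protocols the ACL is dropping for a given host pair. The names `parse_deny`, `summarize` and `SAMPLE` are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# IANA IP protocol numbers commonly seen in firewall logs.
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP"}

# Field layout taken from the message quoted in the thread.
DENY_RE = re.compile(
    r'%PIX-4-106019: IP packet from (?P<src>\S+) to (?P<dst>[^,\s]+), '
    r'protocol (?P<proto>\d+) received from interface "(?P<iface>[^"]+)" '
    r'deny by access-group "(?P<acl>[^"]+)"'
)

def parse_deny(line):
    """Return the fields of a 106019 line as a dict, or None if it does not match."""
    m = DENY_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["proto"] = int(rec["proto"])
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], "proto-%d" % rec["proto"])
    return rec

def summarize(lines, src=None, dst=None):
    """Count denies per (src, dst, protocol name, acl), optionally filtered by host."""
    counts = Counter()
    for line in lines:
        rec = parse_deny(line)
        if rec is None or (src and rec["src"] != src) or (dst and rec["dst"] != dst):
            continue
        counts[(rec["src"], rec["dst"], rec["proto_name"], rec["acl"])] += 1
    return counts

# Sample input: the first line is the one from the thread, the rest are constructed.
SAMPLE = [
    '<87>Feb 22 2004 12:32:46: %PIX-4-106019: IP packet from 1.1.1.1 to 2.2.2.2, protocol 17 received from interface "outside" deny by access-group "ACL_in"',
    '<87>Feb 22 2004 12:32:51: %PIX-4-106019: IP packet from 1.1.1.1 to 2.2.2.2, protocol 17 received from interface "outside" deny by access-group "ACL_in"',
    '<87>Feb 22 2004 12:33:10: %PIX-4-106019: IP packet from 3.3.3.3 to 2.2.2.2, protocol 1 received from interface "outside" deny by access-group "ACL_in"',
    '<86>Feb 22 2004 12:33:15: unrelated message (constructed, ignored by the parser)',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE, src="1.1.1.1", dst="2.2.2.2").items():
        print(n, *key)
```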
