Securing FTP with SSL through a PIX

nikolaj
Level 1

I'm having difficulties setting up a secure FTP behind a PIX.

The "good old" FTP server works just fine. The PIX fixup processes the FTP traffic and translates the internal IP to the public...

When the FTP server SSL encodes the traffic the control connection actually works, but when the client issues the PASV command, the data connection fails. I can see on the client that the IP is the internal server IP - so it looks like fixup hasn't processed it.

I would guess that fixup can't see into the SSL encoded traffic.

Does anybody have suggestions / experiences with this?

Regards,

Nikolaj

1 Reply

nkhawaja
Cisco Employee

I don't think PIX or any FW will check the SSL payload

SSL is encrypted traffic

If the SSL session terminates on a host other than the PIX -- such as on the FTP server itself -- it's absolutely impossible for the PIX to examine the payload and open/close pinholes for the FTP data connection.

If it were possible for PIX to look into the payload, the security offered by SSL would itself be ineffective.

Just a thought, that it won't work out for you.

Thanks

Nadeem
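The situation discussed in this thread, as an added example that is not part of the original posts and is not PIX code: a simplified model of an FTP inspection engine rewriting the address in a 227 reply, plus a client-side check for the symptom described in the question. The function names are hypothetical, and the addresses, sample reply and stand-in encrypted record are constructed.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(rb"227 [^\r\n]*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Constructed sample data (not captured traffic).
CLEAR_REPLY = b"227 Entering Passive Mode (10,0,0,5,195,80)\r\n"
# Stand-in for a TLS application-data record: 5-byte header + 32 opaque bytes.
TLS_RECORD = bytes.fromhex("1703030020") + bytes(range(0x40, 0x60))


def parse_pasv(data: bytes):
    """Return (IPv4Address, port) from a visible 227 reply, else None."""
    m = PASV_RE.search(data)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def fixup_rewrite(payload: bytes, inside: str, outside: str) -> bytes:
    """Model of FTP inspection: swap the inside address in a 227 reply for
    the translated one. It can only act on bytes it is able to parse."""
    m = PASV_RE.search(payload)
    if m is None or b".".join(m.groups()[:4]).decode() != inside:
        return payload  # nothing recognisable, forwarded unchanged
    new = outside.replace(".", ",").encode()
    return payload[:m.start(1)] + new + payload[m.end(4):]


def check_client_view(reply: bytes, control_peer: str) -> str:
    """Classify the 227 reply as the client sees it after decryption."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return "no-pasv-reply"
    ip, _port = parsed
    if str(ip) == control_peer:
        return "ok"
    # is_private covers RFC 1918 and other non-global ranges.
    return "private-address-leaked" if ip.is_private else "address-mismatch"
```

On the cleartext reply the model rewrites the address; on the opaque record it has nothing to match, so the server's internal address reaches the client unchanged once the client decrypts it.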
