Cisco Support Community
New Member

Securing FTP with SSL through a PIX

I'm having difficulties setting up a secure FTP behind a PIX.

The "good old" FTP server works just fine. The PIX fixup processes the FTP traffic and translates the internal IP to the public...

When the FTP server SSL encodes the traffic the control connection actually works, but when the client issues the PASV command, the data connection fails. I can see on the client that the IP is the internal server IP - so it looks like fixup hasn't processed it.

I would guess that fixup can't see into the SSL encoded traffic.

Does anybody have suggestions / experiences with this?

Regards,

Nikolaj

1 REPLY
Cisco Employee

Re: Securing FTP with SSL through a PIX

I don't think PIX or any FW will check the SSL payload.

SSL is encrypted traffic.

If the SSL session terminates on a host other than the PIX -- such as on the FTP server itself -- it's absolutely impossible for the PIX to examine the payload and open/close pinholes for the FTP data connection.

If it were possible for PIX to look into the payload, the security offered by SSL would itself be ineffective.

Just a thought, that it won't work out for you.

Thanks

Nadeem
