Cisco Support Community

Intermittent FTP Troubles ?

I seem to be having an issue with my FTP (passive FTP). The thing to note is that whenever the router is freshly rebooted, everything works fine. No timeouts, no FTP problems or anything. However, as time wears on, we slowly start to get FTP connection issues. Hosts that were able to FTP yesterday are no longer able to FTP today.

I don't feel the issue is with the FTP server, as the server is able to receive FTPs just fine from inside the network. It is just these inbound FTP connections from the internet which continue to have issues.

Here's my relevant NAT configs:

ip nat inside source static tcp 20 20 extendable

ip nat inside source static tcp 21 21 extendable

Anyone know of anything which would cause issues such as this? Any NAT parameters or other things which might need to be adjusted?

Thanks for your help,

B Jim


Re: Intermittent FTP Troubles ?

Hi Jim,

In passive FTP, the server passively listens for both data and control signals.

The FTP server will give the FTP client a random port in the range > 1024 to connect to for data transmission.

Then your server would be accessed for the FTP data connection on those ports rather than 20 (normally).

Check if this port is other than 20.

Also, do you have any inbound filter like an access-list, etc.? Check if those are blocking the port given by the server for the data connection.


Re: Intermittent FTP Troubles ?


Before you reboot the router next, capture "show tech-support" output.

How passive (PASV) FTP mode works:

command : client >1023 -> server 21

data : client >1023 -> server >1023




Re: Intermittent FTP Troubles ?

Are you using INSPECT FTP? We had an issue with our ASA with the INSPECT statement.


Re: Intermittent FTP Troubles ?

This is what I do not understand. This is 2008, not 1998. FTP should be banned. It is not only insecure, supporting it is a nightmare due to the nature of the protocol, control and data ports, whatever.

The best solution is to use SecureFTP. sFTP runs over ssh so there is only one port, tcp port 22, to worry about. Easy to set up and configure. In the /etc/ssh/sshd_config, just enable it. Better yet, most Unix sshd comes with the sftp system enabled by default.

sFTP is so easy to maintain and support, and secure especially with AES256-cbc with SHA-1 configuration.

my 2c