https://community.cisco.com/t5/network-access-control/ftp-error-using-pix-firewall-with-acs-server/m-p/243173#M10225 <HTML><HEAD></HEAD><BODY><P>First, thanks for the answer. But I think this isn´t the solution for our problem. We use authentication by using virtual telnet command. So we have to authenticate at first http connection (a windows-popup appears and we do authentication using external database (ADS) from ACS-Server). Timeout for uauth is 08:30:00 so we don´t have to authenticate for this time again. Now we can use all allowed connection, but not all ftp connection (a few ftp-server works well)! If we try to download files over internetbrowser (IE, Netscape) it hangs on! I try to do this using console I get the same problem. Please look at the attachements!</P><P></P><P> </P><P></P></BODY></HTML> Thu, 15 Jul 2004 06:41:38 GMT mueti 2004-07-15T06:41:38Z https://community.cisco.com/t5/network-access-control/ftp-error-using-pix-firewall-with-acs-server/m-p/243171#M10223 <P>to use internet, we have to authenticate at pix, version 6.2.3, over acs-server. now, if we try to connect any ftp-server we get reply from the server with the authenticated user-id (from acs-server). we can logged in as anonymous and email-address for password but then connection hanged on. if we use global configuration with "no aaa authentication ...." for the internal ip address i don´t have to authenticate and the ftp-connection started as well! what´s going wrong?</P><P>thanks a lot for your help</P> Fri, 21 Feb 2020 18:10:40 GMT https://community.cisco.com/t5/network-access-control/ftp-error-using-pix-firewall-with-acs-server/m-p/243171#M10223 mueti 2020-02-21T18:10:40Z https://community.cisco.com/t5/network-access-control/ftp-error-using-pix-firewall-with-acs-server/m-p/243172#M10224 <HTML><HEAD></HEAD><BODY><P>I assume from this you're authenticating FTP traffic outbound through your PIX. When doing this, you will be returned a username/password prompt by the PIX, not by the remote FTP server. When you enter in the username, you have to enter it in as follows:</P><P></P><P> local-username@remote-username</P><P></P><P>and for the password enter:</P><P></P><P> local-password@remote-password</P><P></P><P>The PIX will forward the local username/password off to the ACS server for authentication, and if that passes, it forwards the remote username/password off to the remote FTP server and completes the connection.</P><P></P><P>Check out this link:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea9.shtml#usersees" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea9.shtml#usersees</A></P></BODY></HTML> Wed, 14 Jul 2004 23:03:11 GMT https://community.cisco.com/t5/network-access-control/ftp-error-using-pix-firewall-with-acs-server/m-p/243172#M10224 gfullage 2004-07-14T23:03:11Z https://community.cisco.com/t5/network-access-control/ftp-error-using-pix-firewall-with-acs-server/m-p/243173#M10225 <HTML><HEAD></HEAD><BODY><P>First, thanks for the answer. But I think this isn´t the solution for our problem. We use authentication by using virtual telnet command. So we have to authenticate at first http connection (a windows-popup appears and we do authentication using external database (ADS) from ACS-Server). Timeout for uauth is 08:30:00 so we don´t have to authenticate for this time again. Now we can use all allowed connection, but not all ftp connection (a few ftp-server works well)! If we try to download files over internetbrowser (IE, Netscape) it hangs on! I try to do this using console I get the same problem. Please look at the attachements!</P><P></P><P> </P><P></P></BODY></HTML> Thu, 15 Jul 2004 06:41:38 GMT https://community.cisco.com/t5/network-access-control/ftp-error-using-pix-firewall-with-acs-server/m-p/243173#M10225 mueti 2004-07-15T06:41:38Z