https://community.cisco.com/t5/network-security/ftp-mode-passive/m-p/2216944#M350019 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>The configuration should only be related to the firewall device itself and not the connections going through it.</P><P></P><P>I would suggest first monitoring the problematic connections through the logs.</P><P></P><P>Or possible configuring traffic capture on the firewall device to see if there is any return traffic.</P><P></P><P>Other than that should naturally confirm that no NAT configuration or their order isnt causing problems OR that there is no problem with routing.</P><P></P><P>Why are you moving to the FWSM by the way? Its a product on its way out of the market and is replaced by the ASASM which again supports software levels past 8.2.</P><P></P><P>Naturally if we are talking about existing equipment then its understandable, but otherwise ASASM or a separate new ASA would be a better choice for example because of the software levels supported.</P><P></P><P>- Jouni</P></BODY></HTML> Mon, 13 May 2013 12:27:40 GMT Jouni Forss 2013-05-13T12:27:40Z https://community.cisco.com/t5/network-security/ftp-mode-passive/m-p/2216943#M350018 <P>Hello all,</P><P>I have one issue. I have to migrate some customers from ASA 5510 /8.2(5)26 to FWSM /4.1(9) &lt;context&gt;. Passive mode is not working on FWSM.</P><P>Config is same on both devices, NAT,ACL,inspection,routing..everything except one command ftp mode passive. </P><P>Can command ftp mode passive cause the issue? Or this command is used for passive FTP from FW not thru FW?</P> Tue, 12 Mar 2019 01:42:24 GMT https://community.cisco.com/t5/network-security/ftp-mode-passive/m-p/2216943#M350018 Michal Valach 2019-03-12T01:42:24Z https://community.cisco.com/t5/network-security/ftp-mode-passive/m-p/2216944#M350019 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>The configuration should only be related to the firewall device itself and not the connections going through it.</P><P></P><P>I would suggest first monitoring the problematic connections through the logs.</P><P></P><P>Or possible configuring traffic capture on the firewall device to see if there is any return traffic.</P><P></P><P>Other than that should naturally confirm that no NAT configuration or their order isnt causing problems OR that there is no problem with routing.</P><P></P><P>Why are you moving to the FWSM by the way? Its a product on its way out of the market and is replaced by the ASASM which again supports software levels past 8.2.</P><P></P><P>Naturally if we are talking about existing equipment then its understandable, but otherwise ASASM or a separate new ASA would be a better choice for example because of the software levels supported.</P><P></P><P>- Jouni</P></BODY></HTML> Mon, 13 May 2013 12:27:40 GMT https://community.cisco.com/t5/network-security/ftp-mode-passive/m-p/2216944#M350019 Jouni Forss 2013-05-13T12:27:40Z https://community.cisco.com/t5/network-security/ftp-mode-passive/m-p/2216945#M350020 <HTML><HEAD></HEAD><BODY><P>Their routing/NAT is also ok, because he is getting login prompt, but once moving to passive mode (PASV message) he is getting disconnecting. I think we will ask them to move to active mode on capture data.</P><P>I do not know why FWSM, but I think is temporary.</P><P></P><P>Thank you!</P></BODY></HTML> Mon, 13 May 2013 13:30:42 GMT https://community.cisco.com/t5/network-security/ftp-mode-passive/m-p/2216945#M350020 Michal Valach 2013-05-13T13:30:42Z https://community.cisco.com/t5/network-security/ftp-mode-passive/m-p/2216946#M350021 <HTML><HEAD></HEAD><BODY><P>Hi Michal,</P><P></P><P>Can you post the 'show run' for review and also captures once you've those?</P><P></P><P>-</P><P>Sourav</P></BODY></HTML> Mon, 13 May 2013 15:27:54 GMT https://community.cisco.com/t5/network-security/ftp-mode-passive/m-p/2216946#M350021 sokakkar 2013-05-13T15:27:54Z https://community.cisco.com/t5/network-security/ftp-mode-passive/m-p/2216947#M350022 <HTML><HEAD></HEAD><BODY><P>Hi I am sorry but I cannot paste whole config here. </P><P></P><P>But as I said, ACL is correct, NAT is there, routing, FTP inspection....</P></BODY></HTML> Tue, 14 May 2013 09:53:51 GMT https://community.cisco.com/t5/network-security/ftp-mode-passive/m-p/2216947#M350022 Michal Valach 2013-05-14T09:53:51Z