https://community.cisco.com/t5/network-security/ftp-over-tls-not-working/m-p/2005658#M435208 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>FTPS is not supported in the ASA.</P><P>Due to the problem of traffic beeing encrypted.</P><P></P><P>However you can in some FTPS servers setup that you are only able to use some few ports.</P><P>Then you can open for all those ports that you have choosen.</P><P></P><P>If you want a better alternative than FTPS use SFTP.</P><P>FTPS is firewall unfriendly</P><P>SFTP is firewall friendly</P><P></P><P>SFTP will work correctly all the time.</P><P></P><P>Good luck</P><P></P><P>HTH</P></BODY></HTML> Fri, 01 Jun 2012 19:02:00 GMT hobbe 2012-06-01T19:02:00Z https://community.cisco.com/t5/network-security/ftp-over-tls-not-working/m-p/2005654#M435173 <P>hi all, </P><P></P><P>i configured port redirection on ASA to allow external user access to Internal FTPS Server.&nbsp; but it's not working</P><P> i use Filezilla client to access but i have this error.</P><P></P><P><EM>Statut :&nbsp;&nbsp;&nbsp; Connexion à x.x.x.x:21...</EM></P><P><EM>Statut :&nbsp;&nbsp;&nbsp; Connexion établie, attente du message d'accueil...</EM></P><P><EM>Réponse :&nbsp;&nbsp;&nbsp; 220-Microsoft FTP Service</EM></P><P><EM>Réponse :&nbsp;&nbsp;&nbsp; 220 FTP-Server FTP</EM></P><P><EM>Commande :&nbsp;&nbsp;&nbsp; AUTH TLS</EM></P><P><EM>Réponse :&nbsp;&nbsp;&nbsp; 234 AUTH command ok. Expecting TLS Negotiation.</EM></P><P><EM style="color: #800000; ">Statut :&nbsp;&nbsp;&nbsp; Initialisation de TLS...</EM></P><P><EM style="color: #800000; ">Erreur :&nbsp;&nbsp;&nbsp; Délai d'attente expiré</EM></P><P><EM style="color: #800000; ">Erreur :&nbsp;&nbsp;&nbsp; Impossible d'établir une connexion au serveur</EM></P><P></P><P></P><P>please can somebody know what can cause this issue ?</P><P></P><P>thanks for your help </P> Mon, 11 Mar 2019 23:14:24 GMT https://community.cisco.com/t5/network-security/ftp-over-tls-not-working/m-p/2005654#M435173 piatthi1983 2019-03-11T23:14:24Z https://community.cisco.com/t5/network-security/ftp-over-tls-not-working/m-p/2005655#M435183 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Is this FTPS server working on active mode?</P><P></P><P>Can you share the nat configuration for the server?</P><P></P><P>Regards,</P><P></P><P>Julio</P></BODY></HTML> Fri, 01 Jun 2012 15:49:08 GMT https://community.cisco.com/t5/network-security/ftp-over-tls-not-working/m-p/2005655#M435183 Julio Carvajal 2012-06-01T15:49:08Z https://community.cisco.com/t5/network-security/ftp-over-tls-not-working/m-p/2005656#M435191 <HTML><HEAD></HEAD><BODY><P>ASA is configured in Passive Mode.</P><P></P><P></P><P></P><P>this is NAT configuration</P><P></P><P>static (DMZ1,outside) tcp&nbsp; interface&nbsp; 20&nbsp; 'ftps-server-private IP'&nbsp; 20</P><P>static (DMZ1,outside) tcp&nbsp; interface&nbsp; 21&nbsp; 'ftps-server-private IP'&nbsp; 21</P><P></P><P></P><P>access-list outside_access_in&nbsp; extended permit tcp any host 'Outside_public_IP' eq 20</P><P>access-list outside_access_in&nbsp; extended permit tcp any host 'Outside_public_IP' eq 21</P></BODY></HTML> Fri, 01 Jun 2012 15:55:16 GMT https://community.cisco.com/t5/network-security/ftp-over-tls-not-working/m-p/2005656#M435191 piatthi1983 2012-06-01T15:55:16Z https://community.cisco.com/t5/network-security/ftp-over-tls-not-working/m-p/2005657#M435200 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P></P><P>Here is a document that you will need to read <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P><A _jive_internal="true" href="https://community.cisco.com/docs/DOC-23206">https://supportforums.cisco.com/docs/DOC-23206</A></P><P></P><P>As you can see you will be using&nbsp;&nbsp; FTPS (FTP over SSL) that uses port 990 for the control channel (this information is encrypted) and the data channel goes on plain text.</P><P></P><P>Is there a way you can use a static one to one and then allow port 990 on the outside ACL?</P><P></P><P>Regards,</P></BODY></HTML> Fri, 01 Jun 2012 16:32:46 GMT https://community.cisco.com/t5/network-security/ftp-over-tls-not-working/m-p/2005657#M435200 Julio Carvajal 2012-06-01T16:32:46Z https://community.cisco.com/t5/network-security/ftp-over-tls-not-working/m-p/2005658#M435208 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>FTPS is not supported in the ASA.</P><P>Due to the problem of traffic beeing encrypted.</P><P></P><P>However you can in some FTPS servers setup that you are only able to use some few ports.</P><P>Then you can open for all those ports that you have choosen.</P><P></P><P>If you want a better alternative than FTPS use SFTP.</P><P>FTPS is firewall unfriendly</P><P>SFTP is firewall friendly</P><P></P><P>SFTP will work correctly all the time.</P><P></P><P>Good luck</P><P></P><P>HTH</P></BODY></HTML> Fri, 01 Jun 2012 19:02:00 GMT https://community.cisco.com/t5/network-security/ftp-over-tls-not-working/m-p/2005658#M435208 hobbe 2012-06-01T19:02:00Z