https://community.cisco.com/t5/network-security/pix-525-fails-to-allow-ssl-over-ftp/m-p/344798#M552167 <HTML><HEAD></HEAD><BODY><P>You should be alright as the pix would not be affecting the SFTP directory listing. Most likely this has to do with the FTP server trying to use PASV or the client. Common problems with running FTP servers behind a firewall regardless of brand. Have you modified settings on the client and server with regards to passive/PASV mode?</P><P></P><P>Also I usually suggest getting rid of the conduit statements by replacing them with ACL's as conduits are legacy mechanisms that are soon to be unavailable in the command set.</P><P></P><P>access-list 100 permit tcp any host 192.168.180.13 eq ftp</P><P></P><P>Should do the trick.</P><P></P><P>Hope this gives you some places to look regarding your ftp problem.</P></BODY></HTML> Fri, 28 Jan 2005 00:53:00 GMT abertram 2005-01-28T00:53:00Z https://community.cisco.com/t5/network-security/pix-525-fails-to-allow-ssl-over-ftp/m-p/344797#M552166 <P>We have a PIX 525 running Ver 6.1(4) with three interfaces, one Inside, one DMZ, and the Outside. We installed a FTP server on the DMZ, and want to run FTP with SSL. The FTP programs run from the Inside, but fail from the Outside. The FTP server can authenticate to an inside Active Directory server. The failure is from the Outside when encryption is turned on. The client is authenticated but does not get to a directory listing. The hole from the Outside:</P><P>static (dmz3,outside) 192.168.180.13 172.30.7.13 netmask 255.255.255.255 0 0</P><P>conduit permit tcp host 192.168.180.13 eq ftp any</P><P></P><P>Should this work? Or is there some basic reason it fails?</P><P></P><P></P> Fri, 21 Feb 2020 07:53:54 GMT https://community.cisco.com/t5/network-security/pix-525-fails-to-allow-ssl-over-ftp/m-p/344797#M552166 jmcaden 2020-02-21T07:53:54Z https://community.cisco.com/t5/network-security/pix-525-fails-to-allow-ssl-over-ftp/m-p/344798#M552167 <HTML><HEAD></HEAD><BODY><P>You should be alright as the pix would not be affecting the SFTP directory listing. Most likely this has to do with the FTP server trying to use PASV or the client. Common problems with running FTP servers behind a firewall regardless of brand. Have you modified settings on the client and server with regards to passive/PASV mode?</P><P></P><P>Also I usually suggest getting rid of the conduit statements by replacing them with ACL's as conduits are legacy mechanisms that are soon to be unavailable in the command set.</P><P></P><P>access-list 100 permit tcp any host 192.168.180.13 eq ftp</P><P></P><P>Should do the trick.</P><P></P><P>Hope this gives you some places to look regarding your ftp problem.</P></BODY></HTML> Fri, 28 Jan 2005 00:53:00 GMT https://community.cisco.com/t5/network-security/pix-525-fails-to-allow-ssl-over-ftp/m-p/344798#M552167 abertram 2005-01-28T00:53:00Z https://community.cisco.com/t5/network-security/pix-525-fails-to-allow-ssl-over-ftp/m-p/344799#M552168 <HTML><HEAD></HEAD><BODY><P>Try doing a "no fixup ftp". The PIX is probably doing deep packet inspection, and can't understand the SSL tunnel.</P></BODY></HTML> Wed, 02 Feb 2005 20:08:49 GMT https://community.cisco.com/t5/network-security/pix-525-fails-to-allow-ssl-over-ftp/m-p/344799#M552168 stan_lee_br 2005-02-02T20:08:49Z