https://community.cisco.com/t5/network-security/ftp-not-working-thru-pix/m-p/221641#M610254 <P>Trying to FTP from inside to outside. It works with nat 0 but when I use a static mapping from a.b.c.148(inside address) to a.b.c.120(outside address) it will not work. They are in different subnets. </P><P></P><P>The PIX seems to just ignore the packet. There is no error message or denies!</P><P></P><P>fixup protocol ftp strict 21 (also tried with fixup protocol ftp 21)</P><P></P><P>global (outside) 1 192.1.3.32 netmask 255.255.255.224</P><P>nat (inside) 0 192.1.3.128 255.255.255.224 0 0</P><P>static (inside,outside) 192.1.3.117 Workstation1 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 192.1.3.118 Workstation2 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 192.1.3.119 Workstation3 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 192.1.3.120 Workstation4 netmask 255.255.255.255 0 0</P><P></P><P>Connections to external ftp server (SYN timeout)</P><P></P><P>106100: access-list from-noc-lan permitted tcp inside/192.1.3.148(1531) -&gt; outsi</P><P>de/199.1.1.200(21) hit-cnt 1 (first hit)</P><P>302013: Built outbound TCP connection 7595411 for outside:199.1.1.200/21 (199.1.</P><P>1.200/21) to inside:192.1.3.148/1531 (192.1.3.120/1531)</P><P>710005: UDP request discarded from 192.1.3.135/138 to inside:192.1.3.159/netbios</P><P>-dgm</P><P>302014: Teardown TCP connection 7595409 for outside:199.1.1.200/21 to inside:192</P><P>.1.3.148/1530 duration 0:02:01 bytes 0 SYN Timeout</P><P></P><P></P><P></P><P>Any ideas?</P><P></P><P></P> Fri, 21 Feb 2020 07:09:40 GMT jkampmeyer 2020-02-21T07:09:40Z https://community.cisco.com/t5/network-security/ftp-not-working-thru-pix/m-p/221641#M610254 <P>Trying to FTP from inside to outside. It works with nat 0 but when I use a static mapping from a.b.c.148(inside address) to a.b.c.120(outside address) it will not work. They are in different subnets. </P><P></P><P>The PIX seems to just ignore the packet. There is no error message or denies!</P><P></P><P>fixup protocol ftp strict 21 (also tried with fixup protocol ftp 21)</P><P></P><P>global (outside) 1 192.1.3.32 netmask 255.255.255.224</P><P>nat (inside) 0 192.1.3.128 255.255.255.224 0 0</P><P>static (inside,outside) 192.1.3.117 Workstation1 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 192.1.3.118 Workstation2 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 192.1.3.119 Workstation3 netmask 255.255.255.255 0 0</P><P>static (inside,outside) 192.1.3.120 Workstation4 netmask 255.255.255.255 0 0</P><P></P><P>Connections to external ftp server (SYN timeout)</P><P></P><P>106100: access-list from-noc-lan permitted tcp inside/192.1.3.148(1531) -&gt; outsi</P><P>de/199.1.1.200(21) hit-cnt 1 (first hit)</P><P>302013: Built outbound TCP connection 7595411 for outside:199.1.1.200/21 (199.1.</P><P>1.200/21) to inside:192.1.3.148/1531 (192.1.3.120/1531)</P><P>710005: UDP request discarded from 192.1.3.135/138 to inside:192.1.3.159/netbios</P><P>-dgm</P><P>302014: Teardown TCP connection 7595409 for outside:199.1.1.200/21 to inside:192</P><P>.1.3.148/1530 duration 0:02:01 bytes 0 SYN Timeout</P><P></P><P></P><P></P><P>Any ideas?</P><P></P><P></P> Fri, 21 Feb 2020 07:09:40 GMT https://community.cisco.com/t5/network-security/ftp-not-working-thru-pix/m-p/221641#M610254 jkampmeyer 2020-02-21T07:09:40Z https://community.cisco.com/t5/network-security/ftp-not-working-thru-pix/m-p/221642#M610255 <HTML><HEAD></HEAD><BODY><P>Do a "show xlate local ip-workstation". You might need to execute a clear xlate for your inside hosts.</P><P></P><P>Also I'm missing the reason why you use a "global (outside) 1...". Do you also use have a "nat (inside) 1..." ?</P><P></P><P>Finally, what was the log looked before you use a static maping?</P><P></P></BODY></HTML> Thu, 18 Dec 2003 18:59:26 GMT https://community.cisco.com/t5/network-security/ftp-not-working-thru-pix/m-p/221642#M610255 mpalardy 2003-12-18T18:59:26Z https://community.cisco.com/t5/network-security/ftp-not-working-thru-pix/m-p/221643#M610256 <HTML><HEAD></HEAD><BODY><P>I have the same problem. I tried adding service resetinbound and established permitto 113 as cisco's docs suggested.</P></BODY></HTML> Mon, 29 Dec 2003 20:32:54 GMT https://community.cisco.com/t5/network-security/ftp-not-working-thru-pix/m-p/221643#M610256 sbosen67 2003-12-29T20:32:54Z