https://community.cisco.com/t5/network-security/ftp-issues-thru-pix-515/m-p/116248#M663307 <HTML><HEAD></HEAD><BODY><P>Yes . . . I have fixup protocol ftp 21 configured on the PIX.</P></BODY></HTML> Thu, 01 May 2003 12:30:13 GMT rjsatter 2003-05-01T12:30:13Z https://community.cisco.com/t5/network-security/ftp-issues-thru-pix-515/m-p/116246#M663304 <P>Looking for the most secure way to allow FTP transfers through our corporate Firewall.</P><P></P><P>Right now if an FTP is initiated from the inside network . . . we can connect to the FTP site and login but cannot execute commands like "ls -al" or actually move data.</P><P></P><P>I can see my firewall blocking inbound tcp connections from the FTP server on ports 20 and what appears to be a randomly generated tcp port. </P> Fri, 21 Feb 2020 06:42:58 GMT https://community.cisco.com/t5/network-security/ftp-issues-thru-pix-515/m-p/116246#M663304 rjsatter 2020-02-21T06:42:58Z https://community.cisco.com/t5/network-security/ftp-issues-thru-pix-515/m-p/116247#M663306 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>is the ftp fixup protocol enabled?</P><P></P><P>Regards,</P><P>Tom</P></BODY></HTML> Wed, 30 Apr 2003 22:28:47 GMT https://community.cisco.com/t5/network-security/ftp-issues-thru-pix-515/m-p/116247#M663306 tvanginneken 2003-04-30T22:28:47Z https://community.cisco.com/t5/network-security/ftp-issues-thru-pix-515/m-p/116248#M663307 <HTML><HEAD></HEAD><BODY><P>Yes . . . I have fixup protocol ftp 21 configured on the PIX.</P></BODY></HTML> Thu, 01 May 2003 12:30:13 GMT https://community.cisco.com/t5/network-security/ftp-issues-thru-pix-515/m-p/116248#M663307 rjsatter 2003-05-01T12:30:13Z https://community.cisco.com/t5/network-security/ftp-issues-thru-pix-515/m-p/116249#M663309 <HTML><HEAD></HEAD><BODY><P>I do not think port 20 is random it is ftp-data port you may need to open this up on the firewall... Also have you tried using passive mode in your ftp client </P><P></P><P>--Brian </P><P></P><P></P></BODY></HTML> Thu, 01 May 2003 12:35:17 GMT https://community.cisco.com/t5/network-security/ftp-issues-thru-pix-515/m-p/116249#M663309 bmuha 2003-05-01T12:35:17Z https://community.cisco.com/t5/network-security/ftp-issues-thru-pix-515/m-p/116250#M663310 <HTML><HEAD></HEAD><BODY><P>Here is what I see being blocked on the firewall for each command I try to issue once I am connected to the FTP server . . . my private network address is being xlated to 216.248.65.178. </P><P></P><P>106001: Inbound TCP connection denied from 207.177.41.14/6411 to 216.248.65.178/113 flags SYN on interface outside</P><P></P><P>106001: Inbound TCP connection denied from 207.177.41.14/20 to 216.248.65.178/1132 flags SYN on interfaceoutside</P><P></P><P>The 207.177.41.14 address is the address of the server I connect to via FTP. Connect works but no other commands work.</P><P></P><P></P><P></P></BODY></HTML> Thu, 01 May 2003 12:41:10 GMT https://community.cisco.com/t5/network-security/ftp-issues-thru-pix-515/m-p/116250#M663310 rjsatter 2003-05-01T12:41:10Z