04-12-2010 11:34 AM
Hello
I have an ACE 4710 set up in a test environment (and context) with 2 FileZilla FTP servers on the back end and a Win7 laptop on the front end with an FTP client(s). The ACE is set up to load balance by source (the requirement for our project).
When the laptop tries to FTP to the FileZilla FTP servers it connects, enters passive mode, and sends a WLSD command to get a directory listing, but never gets it. If the Win7 laptop is put on the same VLAN as the FileZilla FTP servers, behind the ACE, everything works fine.
As far as I can tell the ACE config doesn't have any sort of deny ACL acting on this traffic. *attached* The FTP client always connects, it's just the directory listing that doesn't seem to work... and we need it to work for the app this is targeting.
Any help is greatly appreciated.
e-
04-13-2010 10:27 AM
Hi Eric,
I would expect this to work since you have the 'any' keyword. Try adding the 'inspect ftp' to your class as shown here.
HTH,
Sean
04-16-2010 07:31 AM
Yeah me too!
So after much packet capturing and hair pulling and general dismay, we (me, another admin, and a local VAR CCIE) think this is an app-layer issue. We added the inspect command but it wouldn't take without a NAT pool in place, so we added that.
We found a packet in the FTP client that tells the server the real IP of the client. This is the only oddity that we can locate. Of course I admit we aren't using an ACE in the normal way an ACE would be used; we LB by source, not destination.
I put telnet servers on my targets and they also communicate directly to the client's IP, but they layer 2 back to the ACE first, whereas the FTP server doesn't. We are still working on it to try and find a way to make FTP happy.
e-