cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1659
Views
5
Helpful
5
Replies

ASA5506 drops some files in passive FTP

Yura Kazakevich
Level 1
Level 1

Hi everyone,

 

Very strange issue with FTP inspection on Cisco ASA5506-X (9.8(2)20). Passive mode works fine, BUT not for all files...

For example (look at screenshot), user can download any file (txt) except this one 34313622.210.

 

ftp1.jpg

 

 

 

 

 

 

 

As you can see at screenshot, size of downloaded file 34313622.210 is incorrect.

In Passive mode all other files can be downloaded without problems. The same issue from time to time apears for others users in different folders. I've checked these files - simple txt files. I can open them without problems on FTP server (Filezilla FTP 0.9.55) for reading or editing.

If I try download the "incorect" file (34313622.210) in Active mode - everything works fine! The issue persists in Passive mode ONLY.

When connection drops in PASV mode I see count of droped packets is growing in ASA. Invalid EPSV format drop grows as well:

 

asa1.jpg

 

 

Could somebody tell me how to solve it?

 

My configuration is pretty simple. I did it using this guide.

 

asa2.jpg

1 Accepted Solution

Accepted Solutions

Dennis Mink
VIP Alumni
VIP Alumni

i suggest you raise this with TAC , based on  

 

https://quickview.cloudapps.cisco.com/quickview/bug/CSCso23893

 

even though you are not running this version. Also test with ftp inspection turned off

Please remember to rate useful posts, by clicking on the stars below.

View solution in original post

5 Replies 5

Dennis Mink
VIP Alumni
VIP Alumni

i suggest you raise this with TAC , based on  

 

https://quickview.cloudapps.cisco.com/quickview/bug/CSCso23893

 

even though you are not running this version. Also test with ftp inspection turned off

Please remember to rate useful posts, by clicking on the stars below.

I turned off inspection FTP and it helped. Passive mode is working properly now - no problems with files anymore.
Thank you!

Ilkin
Cisco Employee
Cisco Employee
Is this an IPv4 or IPv6 connection?

This is IPv4 connection.

Hi Ilkin,
Can you help? What info I need provide in order to solve issue?
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: