cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


255
Views
5
Helpful
5
Replies

ASA5506 drops some files in passive FTP

Hi everyone,

 

Very strange issue with FTP inspection on Cisco ASA5506-X (9.8(2)20). Passive mode works fine, BUT not for all files...

For example (look at screenshot), user can download any file (txt) except this one 34313622.210.

 

ftp1.jpg

 

 

 

 

 

 

 

As you can see at screenshot, size of downloaded file 34313622.210 is incorrect.

In Passive mode all other files can be downloaded without problems. The same issue from time to time apears for others users in different folders. I've checked these files - simple txt files. I can open them without problems on FTP server (Filezilla FTP 0.9.55) for reading or editing.

If I try download the "incorect" file (34313622.210) in Active mode - everything works fine! The issue persists in Passive mode ONLY.

When connection drops in PASV mode I see count of droped packets is growing in ASA. Invalid EPSV format drop grows as well:

 

asa1.jpg

 

 

Could somebody tell me how to solve it?

 

My configuration is pretty simple. I did it using this guide.

 

asa2.jpg

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Advisor

Re: ASA5506 drops some files in passive FTP

i suggest you raise this with TAC , based on  

 

https://quickview.cloudapps.cisco.com/quickview/bug/CSCso23893

 

even though you are not running this version. Also test with ftp inspection turned off

Please remember to rate useful posts, by clicking on the stars below.

5 REPLIES 5
VIP Advisor

Re: ASA5506 drops some files in passive FTP

i suggest you raise this with TAC , based on  

 

https://quickview.cloudapps.cisco.com/quickview/bug/CSCso23893

 

even though you are not running this version. Also test with ftp inspection turned off

Please remember to rate useful posts, by clicking on the stars below.

Re: ASA5506 drops some files in passive FTP

I turned off inspection FTP and it helped. Passive mode is working properly now - no problems with files anymore.
Thank you!
Cisco Employee

Re: ASA5506 drops some files in passive FTP

Is this an IPv4 or IPv6 connection?

Re: ASA5506 drops some files in passive FTP

This is IPv4 connection.

Re: ASA5506 drops some files in passive FTP

Hi Ilkin,
Can you help? What info I need provide in order to solve issue?