
FTP problem through ASA 8.6

muhammadusman77
Level 1

Dear Experts,

I am trying to connect to an FTP server which is placed on the outside (internet) with a public IP. The firewall is able to ping the FTP public IP, but my system, placed on the inside interface of my firewall with the firewall's inside IP as its gateway, is unable to communicate with the FTP server. The moment I try to connect to the FTP server, it just establishes the connection, logs in, and disconnects when retrieving the directory. At the same time, my PC, without passing through the firewall and using another gateway, successfully logs in and uploads and downloads files.

ASA setting is

ftp mode passive

inspect ftp

#:sh service-policy

Global policy:
Service-policy: global_policy
Class-map: inspection_default

.

.

.


Inspect: ip-options _default_ip_options_map, packet 0, lock fail 0, drop 0, reset-drop 0
Inspect: ftp, packet 186, lock fail 0, drop 0, reset-drop 8

reset-drop starts increasing when I try to reconnect to the FTP server.

Here is output of my FTP client:

Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/"
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Error: Disconnected from server: ECONNABORTED - Connection aborted
Error: Failed to retrieve directory listin

ASA syslog messages here:

6|May 31 2017 22:41:19|302013: Built outbound TCP connection 1734841 for outside:x.x.x.x/21 (x.x.x.x/21) to inside:172.20.1.127/63626 (210.56.16.106/63626)
6|May 31 2017 22:41:19|302014: Teardown TCP connection 1734817 for outside:x.x.x.x/21 to inside:172.20.1.127/63623 duration 0:00:17 bytes 429 TCP FINs
6|May 31 2017 22:41:24|302013: Built outbound TCP connection 1734848 for outside:x.x.x.x/21 (x.x.x.x/21) to inside:172.20.1.127/63627 (210.56.16.106/63627)
6|May 31 2017 22:41:24|302014: Teardown TCP connection 1734841 for outside:x.x.x.x/21 to inside:172.20.1.127/63626 duration 0:00:
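
One way to check, from syslog in the 302013/302014 format quoted above, whether any data-channel connection was ever built while an FTP control session (port 21) was open. This is an added example, not part of the original post; the sample log lines, addresses and connection IDs are constructed, and it assumes the first endpoint in a 302013 line is the server, as in the outbound lines above.

```python
import re

# Constructed sample in the ASA 302013/302014 format quoted in the post
# (documentation-range addresses, made-up connection IDs).
SAMPLE = """\
6|May 31 2017 22:41:02|302013: Built outbound TCP connection 1001 for outside:203.0.113.10/21 (203.0.113.10/21) to inside:172.20.1.127/63623 (198.51.100.5/63623)
6|May 31 2017 22:41:19|302014: Teardown TCP connection 1001 for outside:203.0.113.10/21 to inside:172.20.1.127/63623 duration 0:00:17 bytes 429 TCP FINs
6|May 31 2017 22:42:00|302013: Built outbound TCP connection 1002 for outside:203.0.113.10/21 (203.0.113.10/21) to inside:172.20.1.127/63630 (198.51.100.5/63630)
6|May 31 2017 22:42:03|302013: Built outbound TCP connection 1003 for outside:203.0.113.10/50211 (203.0.113.10/50211) to inside:172.20.1.127/63631 (198.51.100.5/63631)
6|May 31 2017 22:42:04|302014: Teardown TCP connection 1003 for outside:203.0.113.10/50211 to inside:172.20.1.127/63631 duration 0:00:01 bytes 812 TCP FINs
6|May 31 2017 22:42:30|302014: Teardown TCP connection 1002 for outside:203.0.113.10/21 to inside:172.20.1.127/63630 duration 0:00:30 bytes 977 TCP FINs
"""

# Assumption: first endpoint is the server, second is the inside client.
BUILT = re.compile(
    r"302013: Built (?:in|out)bound TCP connection (\d+) for "
    r"[^:\s]+:([^/\s]+)/(\d+) \(.*?\) to [^:\s]+:([^/\s]+)/(\d+)")
TEARDOWN = re.compile(r"302014: Teardown TCP connection (\d+) for .*? duration (\S+) bytes (\d+) (.*)")

def ftp_sessions(log_text):
    """Return one record per torn-down FTP control connection (server port 21)."""
    open_ctrl, done = {}, []
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if m:
            conn, srv, sport, cli, _cport = m.groups()
            if sport == "21":
                open_ctrl[conn] = {"conn": conn, "server": srv, "client": cli, "data_conns": 0}
            else:
                # Any other port between the same client and server while a
                # control session is open is counted as its data channel.
                for s in open_ctrl.values():
                    if (s["server"], s["client"]) == (srv, cli):
                        s["data_conns"] += 1
            continue
        m = TEARDOWN.search(line)
        if m and m.group(1) in open_ctrl:
            s = open_ctrl.pop(m.group(1))
            s.update(duration=m.group(2), bytes=int(m.group(3)), reason=m.group(4).strip())
            done.append(s)
    return done

def without_data_channel(log_text):
    """Connection IDs of control sessions that never got a data connection."""
    return [s["conn"] for s in ftp_sessions(log_text) if s["data_conns"] == 0]

if __name__ == "__main__":
    for s in ftp_sessions(SAMPLE):
        print(s)
```

A control session that ends with `data_conns` of 0 never had a data connection built through the firewall, which narrows the search to what happens between the PASV command and the data connection attempt.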

 

2 Replies

Aditya Ganjoo
Cisco Employee

Hi,

Did you check by disabling FTP inspection and then testing?

Regards,

Aditya

Please rate helpful posts and mark correct answers.

Aditya,

Yes, I already checked, but same problem.
