10-10-2011 07:51 AM - edited 03-11-2019 02:35 PM
Hi,
I have an ASA 5520 that works fine if you are using passive FTP and FTP inspection is on globally. It is not working for an active FTP session. I tried allowing all ports back to the external IP address of the internal client as a test and this did not work either.
Cisco Adaptive Security Appliance Software Version 8.0(3)
Device Manager Version 6.2(3)
policy-map Global_Policy
 description Global Policy for Traffic Inspection
 class Inspection_Default
  inspect dns
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect icmp
  inspect ipsec-pass-thru
  inspect mgcp
  inspect pptp
  inspect rsh
  inspect rtsp
  inspect sip
  inspect skinny
  inspect snmp
  inspect sqlnet
  inspect tftp
  inspect xdmcp
  inspect http
I read another article saying that this command needs to be on the ASA: "fixup protocol ftp 21".
If this is enabled, will it show on the firewall? How do I enable it? Will it cause any issues if I enable it? Is there anything else the issue could be?
Thank you.
Lynne
10-10-2011 11:31 AM
Hi,
Without looking over many pages of release notes with issues addressed, I cannot say definitely that this would address your problem, but I still recommend you upgrade from 8.0(3) to 8.4(2).
There have been so many issues addressed since that version of code, and in general it is not a good idea to remain on an x.0 release of code indefinitely. I have personally seen upgrades from 8.0x solve several problems.
10-10-2011 11:32 AM
Also, ASDM 6.4(5) would be a good idea.