Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
910
Views
0
Helpful
1
Replies

ASA sftp issue

luckymike33
Level 1
Level 1

‎03-09-2017 03:10 AM - edited ‎03-12-2019 02:02 AM

Hi,

I am having an issue getting sftp to work and it seems to be caused by the ASA.

I can sftp from the open internet from my home pc to the destination using filezilla, but not using the same machine when I use the corporate connection.

Despite allowing my ip address throuhg the firewall out to all destinations.

Of course the sftp service providers blame our firewall, and it is hard to disagree, although when you start to look at the details it may not be as simple as that.

Does anyone know whether sftp is supported through the ASA - although it seems as though it is a much simpler protocol than ftp, i.e. no control and data channel, just a single channel.

The code version we are using is 9.4(2)11.

What is interesting is the ASA capture shows the 3-way handshake being setup, and then straight away, it received a FIN-ACK from the other side. Which is as if the server or server firewall is seeing the 3rd packet of the 3 way handshake as a FIN. Unfortunately the other side is not a Cisco device so there is not much in the way of logs.

Has anyone seen anything like this before?

Best wishes

Mike

I can attach captures is required.

Labels:
0 Helpful
1 Reply 1

Philip D'Ath
VIP Alumni
VIP Alumni

‎03-10-2017 07:35 PM

SFTP simply runs inside of an SSH session.  Can you SSH out?  Can you SFTP to a different location?

The other chance is an MTU mis-configuration.  Commonly symptoms of this is it connects but fails to transfer data. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card