Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2674
Views
0
Helpful
3
Replies

Deny tcp src inside: WHY?????????????

albertobrivio42
Level 1
Level 1

‎10-29-2009 09:42 AM - edited ‎03-11-2019 09:34 AM

Dear ALL,

I have a PIX 515E 6.3 , a ftp server on windows 2000. A customer of me, sometimes esperinces ftp sessions hung without any particular reason. In the PIX's log I can find this error: Deny tcp src inside:192.168.0.239/20 dst outside: a.b.c.d/2435 by access-group "acl-outbound"

Why this behaviour since acl-outbound acl permit ftp sessions?

Regards

Alberto Brivio

Labels:
0 Helpful
3 Replies 3

Panos Kampanakis
Cisco Employee
Cisco Employee

‎10-29-2009 10:09 AM

You can check for ftp fixup. If it is enabled that could explain the behavior. If the fixed timed out then the pinholoe for ftp is no longer open.

I hope it helps.

PK

0 Helpful

albertobrivio42
Level 1
Level 1
In response to Panos Kampanakis

‎10-30-2009 01:20 AM

FTP fixup is enabled, but ftp session is no longer than 2 minutes so how can it timed out?

0 Helpful

Panos Kampanakis
Cisco Employee
Cisco Employee
In response to albertobrivio42

‎10-30-2009 01:51 PM

Not likely.

Unless the inspection tears the data channel connection for some other reason.

PK

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card