09-21-2006 06:23 AM - edited 02-21-2020 01:11 AM
I have a PIX running version 7.2.1 and when users on the inside try to start FTP connections to FTP servers on the outside, they can only do so in FTP Passive mode, and not FTP Active (ports) mode.
What is the best way to fix this?
Thanks,
Neal.
Solved! Go to Solution.
09-21-2006 06:40 AM
Do you have ftp inspection turned on? It sounds like ftp inspection is turned off which will allow passive to work but not active.
09-21-2006 06:40 AM
Do you have ftp inspection turned on? It sounds like ftp inspection is turned off which will allow passive to work but not active.
09-21-2006 07:04 AM
I put this in the config, and it now works:
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect http
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect pptp
!
service-policy global_policy global
Thanks for your help.
09-21-2006 01:20 PM
Actually i pulled that default global policy from an older 7.0.x config that seemed to be there from the start. It wasn't in the fresh 7.2.1 configs at all? plus i can't seem to find it, or the options in ASDM 5.2.1. but it must be there i guess?
Problem solved anyway.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide