cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
146
Views
0
Helpful
3
Replies
Highlighted
Beginner

Failed Active FTP connections through a PIX 7.2.1

I have a PIX running version 7.2.1 and when users on the inside try to start FTP connections to FTP servers on the outside, they can only do so in FTP Passive mode, and not FTP Active (ports) mode.

What is the best way to fix this?

Thanks,

Neal.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Re: Failed Active FTP connections through a PIX 7.2.1

Do you have ftp inspection turned on? It sounds like ftp inspection is turned off which will allow passive to work but not active.

View solution in original post

3 REPLIES 3
Highlighted
Beginner

Re: Failed Active FTP connections through a PIX 7.2.1

Do you have ftp inspection turned on? It sounds like ftp inspection is turned off which will allow passive to work but not active.

View solution in original post

Highlighted
Beginner

Re: Failed Active FTP connections through a PIX 7.2.1

I put this in the config, and it now works:

class-map inspection_default

match default-inspection-traffic

!

!

policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect http

inspect netbios

inspect rsh

inspect rtsp

inspect skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

inspect pptp

!

service-policy global_policy global

Thanks for your help.

Highlighted
Beginner

Re: Failed Active FTP connections through a PIX 7.2.1

Actually i pulled that default global policy from an older 7.0.x config that seemed to be there from the start. It wasn't in the fresh 7.2.1 configs at all? plus i can't seem to find it, or the options in ASDM 5.2.1. but it must be there i guess?

Problem solved anyway.