05-10-2007 01:27 AM - edited 03-11-2019 03:11 AM
Hello,
Our customer has a problem with the FTP protocol: when he tries to GET-FTP from the DMZ to the INSIDE network, after a few seconds he receives an FTP broken pipe!
I have done several tests inserting the PERMIT IP ANY ANY rule but the problem has remained. The PIX was initially equipped with release 6.3(3): I replaced it with release 6.3(5) as shown in the CSCeg52090 Bug but the problem remains.
Can you help me?
Thanks
Massimiliano
05-10-2007 02:54 AM
Check if he uses passive FTP or active FTP, and what client he is using; most clients know how to handle this automatically.
05-10-2007 09:51 AM
Hi,
We have done tests using several FTP clients in passive and active mode, but the result is always "broken pipe"; further tests have been executed using ftp directly from the DOS command .... After a few seconds the FTP goes down.
Now I think that the only solution is to upgrade to software version 7; what do you think?
Thanks
Massimiliano
05-10-2007 10:15 AM
Could you post your configuration?
-Hoogen
05-10-2007 03:57 PM
Are you using 'fixup protocol ftp strict' or without the 'strict'?
Have you done any packet captures?
05-11-2007 12:32 AM
Hi,
I am using FTP without strict; when I put a packet analyzer on the Inside network I see a TCP/IP RST packet with the FTP server as the source IP after a few ACK packets from the FTP client to the FTP server. When I put the packet analyzer on the DMZ network I have the same situation: ACK from the FTP server and afterwards an RST packet from the FTP client to the FTP server. I don't think that there is a TCP window problem: when I excluded the PIX and ran FTP LAN to LAN there was no problem. What do you think?