ftp mode passive

Michal Valach
Level 1

Hello all,

I have one issue. I have to migrate some customers from ASA 5510 /8.2(5)26 to FWSM /4.1(9) <context>. Passive mode is not working on FWSM.

The config is the same on both devices: NAT, ACL, inspection, routing... everything except one command, ftp mode passive.

Can the command ftp mode passive cause the issue? Or is this command used for passive FTP from the FW, not through the FW?

Accepted Solutions

Jouni Forss
VIP Alumni

Hi,

The configuration should only be related to the firewall device itself and not the connections going through it.

I would suggest first monitoring the problematic connections through the logs.

Or possibly configuring traffic capture on the firewall device to see if there is any return traffic.

Other than that, you should naturally confirm that no NAT configuration or their order is causing problems, or that there is no problem with routing.

Why are you moving to the FWSM, by the way? It's a product on its way out of the market and is replaced by the ASASM, which again supports software levels past 8.2.

Naturally, if we are talking about existing equipment then it's understandable, but otherwise ASASM or a separate new ASA would be a better choice, for example because of the software levels supported.

- Jouni

Their routing/NAT is also ok, because he is getting a login prompt, but once moving to passive mode (PASV message) he is getting disconnected. I think we will ask them to move to active mode on capture data.

I do not know why FWSM, but I think it is temporary.

Thank you!
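
Added example, not part of the original thread: when reading the capture suggested above, the server's 227 reply to PASV (RFC 959 format) names the data connection to look for. This sketch parses that reply from control-channel text and flags replies whose advertised address differs from the address the client used for the control connection, which is worth comparing against the NAT and FTP inspection configuration. The function names, sample lines and addresses are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 reply to PASV: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))

def parse_pasv(line):
    """Return (ip, port) advertised in a 227 reply, or None if the line is not one."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet or port byte
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]

def check_data_channel(control_lines, control_peer_ip):
    """List each passive data endpoint and whether it matches the control-channel peer."""
    peer = ipaddress.ip_address(control_peer_ip)
    findings = []
    for line in control_lines:
        parsed = parse_pasv(line)
        if parsed is None:
            continue
        ip, port = parsed
        findings.append({
            "ip": ip,
            "port": port,
            "matches_control_peer": ipaddress.ip_address(ip) == peer,
            # tcpdump-style filter for locating the data connection in a capture
            "capture_filter": f"tcp and host {ip} and port {port}",
        })
    return findings

# Constructed control-channel text as the client would see it (documentation addresses).
SAMPLE_LINES = [
    "220 FTP server ready",
    "230 Login successful.",
    "227 Entering Passive Mode (192,168,10,5,195,80)",
    "227 Entering Passive Mode (203,0,113,10,195,81)",
]

if __name__ == "__main__":
    for f in check_data_channel(SAMPLE_LINES, "203.0.113.10"):
        print(f)
```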

Hi Michal,

Can you post the 'show run' for review and also captures once you have those?

-

Sourav

Hi, I am sorry but I cannot paste the whole config here.

But as I said, ACL is correct, NAT is there, routing, FTP inspection....
