05-13-2013 04:03 AM - edited 03-11-2019 06:42 PM
Hello all,
I have one issue. I have to migrate some customers from ASA 5510 /8.2(5)26 to FWSM /4.1(9) <context>. Passive mode is not working on FWSM.
The config is the same on both devices: NAT, ACL, inspection, routing... everything except one command, ftp mode passive.
Can the command ftp mode passive cause the issue? Or is this command used for passive FTP from the FW, not through the FW?
05-13-2013 05:27 AM
Hi,
The configuration should only be related to the firewall device itself and not the connections going through it.
I would suggest first monitoring the problematic connections through the logs.
Or possibly configuring a traffic capture on the firewall device to see if there is any return traffic.
Other than that, you should naturally confirm that the NAT configuration or its order isn't causing problems, or that there is no problem with routing.
Why are you moving to the FWSM, by the way? It's a product on its way out of the market and is replaced by the ASASM, which again supports software levels past 8.2.
Naturally, if we are talking about existing equipment then it's understandable, but otherwise an ASASM or a separate new ASA would be a better choice, for example because of the software levels supported.
- Jouni
05-13-2013 06:30 AM
Their routing/NAT is also OK, because he is getting a login prompt, but once moving to passive mode (PASV message) he is getting disconnected. I think we will ask them to move to active mode on capture data.
I do not know why FWSM, but I think it is temporary.
Thank you!
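Added example, not posted by anyone in this thread: a Python check for the capture step suggested above. It takes the server replies from the FTP control channel and the data-channel SYNs seen in a client-side capture, and reports whether the 227 (PASV) reply advertises the address the client actually connected to and whether the data connection was answered. The function names, status strings and sample addresses are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))


def parse_pasv(line):
    """Return (ip_string, port) advertised in a 227 reply, else None."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.ip_address(".".join(map(str, nums[:4])))
    return str(ip), nums[4] * 256 + nums[5]


def check_pasv(control_replies, server_ip, data_syns):
    """Classify where a passive-mode session breaks.

    control_replies: server reply lines from the control channel (port 21)
    server_ip: address the client used to reach the server
    data_syns: {(dst_ip, dst_port): True if a SYN-ACK came back}
    """
    advertised = next((p for p in map(parse_pasv, control_replies) if p), None)
    if advertised is None:
        return "no-pasv-reply"
    if advertised[0] != server_ip:
        # The reply still carries an address the client never connected to
        return "address-not-translated"
    if advertised not in data_syns:
        return "no-data-syn"
    return "ok" if data_syns[advertised] else "data-syn-unanswered"


# Constructed sample data (addresses made up, not taken from the thread)
UNTRANSLATED = ["230 Logged in", "227 Entering Passive Mode (10,1,1,20,195,80)"]
TRANSLATED = ["230 Logged in", "227 Entering Passive Mode (192,0,2,20,195,80)"]

if __name__ == "__main__":
    print(check_pasv(UNTRANSLATED, "192.0.2.20", {}))
    print(check_pasv(TRANSLATED, "192.0.2.20", {("192.0.2.20", 50000): False}))
```

An "address-not-translated" result points at the NAT/FTP inspection path on the firewall; "data-syn-unanswered" points at the dynamically opened data port not being permitted or routed back.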
05-13-2013 08:27 AM
Hi Michal,
Can you post the 'show run' for review and also captures once you've those?
-
Sourav
05-14-2013 02:53 AM
Hi, I am sorry but I cannot paste the whole config here.
But as I said, ACL is correct, NAT is there, routing, FTP inspection....