Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2809
Views
0
Helpful
4
Replies

ftp mode passive

Go to solution
Michal Valach
Level 1
Level 1

‎05-13-2013 04:03 AM - edited ‎03-11-2019 06:42 PM

Hello all,

I have one issue. I have to migrate some customers from ASA 5510 /8.2(5)26 to FWSM /4.1(9) <context>. Passive mode is not working on FWSM.

Config is same on both devices, NAT,ACL,inspection,routing..everything except one command ftp mode passive.

Can command ftp mode passive cause the issue? Or this command is used for passive FTP from FW not thru FW?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎05-13-2013 05:27 AM

Hi,

The configuration should only be related to the firewall device itself and not the connections going through it.

I would suggest first monitoring the problematic connections through the logs.

Or possible configuring traffic capture on the firewall device to see if there is any return traffic.

Other than that should naturally confirm that no NAT configuration or their order isnt causing problems OR that there is no problem with routing.

Why are you moving to the FWSM by the way? Its a product on its way out of the market and is replaced by the ASASM which again supports software levels past 8.2.

Naturally if we are talking about existing equipment then its understandable, but otherwise ASASM or a separate new ASA would be a better choice for example because of the software levels supported.

- Jouni

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎05-13-2013 05:27 AM

Hi,

The configuration should only be related to the firewall device itself and not the connections going through it.

I would suggest first monitoring the problematic connections through the logs.

Or possible configuring traffic capture on the firewall device to see if there is any return traffic.

Other than that should naturally confirm that no NAT configuration or their order isnt causing problems OR that there is no problem with routing.

Why are you moving to the FWSM by the way? Its a product on its way out of the market and is replaced by the ASASM which again supports software levels past 8.2.

Naturally if we are talking about existing equipment then its understandable, but otherwise ASASM or a separate new ASA would be a better choice for example because of the software levels supported.

- Jouni

0 Helpful

Go to solution
Michal Valach
Level 1
Level 1
In response to Jouni Forss

‎05-13-2013 06:30 AM

Their routing/NAT is also ok, because he is getting login prompt, but once moving to passive mode (PASV message) he is getting disconnecting. I think we will ask them to move to active mode on capture data.

I do not know why FWSM, but I think is temporary.

Thank you!

0 Helpful

Go to solution
sokakkar
Cisco Employee
Cisco Employee
In response to Michal Valach

‎05-13-2013 08:27 AM

Hi Michal,

Can you post the 'show run' for review and also captures once you've those?

-

Sourav

0 Helpful

Go to solution
Michal Valach
Level 1
Level 1
In response to sokakkar

‎05-14-2013 02:53 AM

Hi I am sorry but I cannot paste whole config here.

But as I said, ACL is correct, NAT is there, routing, FTP inspection....

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card