03-01-2005 11:00 PM - edited 03-10-2019 01:18 AM
I'm having problems performing an FTP update command on 4.1.4. I've tried all the various combinations of passive mode, etc.
Has anyone seen the IDS not be able to pull updates in passive mode?
Here is the FTP server log of the session:
Wed Mar 2 01:41:24 2005 [pid 24387] CONNECT: Client "a.b.c.d"
Wed Mar 2 01:41:24 2005 [pid 24387] FTP response: Client "a.b.c.d", "220 (vsFTPd 1.2.1)"
Wed Mar 2 01:41:24 2005 [pid 24387] FTP command: Client "a.b.c.d", "USER cisco"
Wed Mar 2 01:41:24 2005 [pid 24387] [cisco] FTP response: Client "a.b.c.d", "331 Please specify the password."
Wed Mar 2 01:41:24 2005 [pid 24387] [cisco] FTP command: Client "a.b.c.d", "PASS <password>"
Wed Mar 2 01:41:24 2005 [pid 24386] [cisco] OK LOGIN: Client "a.b.c.d"
Wed Mar 2 01:41:24 2005 [pid 24388] [cisco] FTP response: Client "a.b.c.d", "230 Login successful."
Wed Mar 2 01:41:24 2005 [pid 24388] [cisco] FTP command: Client "a.b.c.d", "PWD"
Wed Mar 2 01:41:24 2005 [pid 24388] [cisco] FTP response: Client "a.b.c.d", "257 "/""
Wed Mar 2 01:41:24 2005 [pid 24388] [cisco] FTP command: Client "a.b.c.d", "EPSV"
Wed Mar 2 01:41:24 2005 [pid 24388] [cisco] FTP response: Client "a.b.c.d", "229 Entering Extended Passive Mode (|||5562|)"
03-08-2005 07:38 AM
If you have a PIX firewall in between your client and server, you may have to disable the FTP fixup for passive-mode FTP to work.
03-08-2005 08:54 AM
We've gotten past this initial problem by forcing passive mode on the FTP server to a specific narrow port range (so we could punch a hole in the firewall).
The problem now is that no data is transferred during the FTP get. The FTP server log shows authentication, cd into the directory, switch to binary mode, and the FTP get command... but tcpdump shows no data transferred. The IDS sensor errors out with "0 of xxx bytes transfered". I've adjusted the timeout in networkParams and it just takes that much longer to time out with the same "0 of xxx bytes transfered" error message.
I had similar issues with SCP updates as well. This is a VPN tunnel over the WAN.
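A small check, added here as an example and not part of any post in this thread: it pulls the passive-mode replies out of vsftpd log lines like the ones above and confirms the announced data port falls inside the range the firewall rule was opened for, which is the first thing to verify when the control channel works but the data transfer never starts. It handles the PASV (227) reply as well as the EPSV (229) one shown in the log; the sample log lines and the 5500-5600 range are constructed.

```python
import re

# Constructed vsftpd log excerpt (not from a real server): one EPSV reply and
# one PASV reply, each announcing the port the client must connect to for data.
SAMPLE_LOG = """\
Wed Mar 2 01:41:24 2005 [pid 24388] [cisco] FTP command: Client "a.b.c.d", "EPSV"
Wed Mar 2 01:41:24 2005 [pid 24388] [cisco] FTP response: Client "a.b.c.d", "229 Entering Extended Passive Mode (|||5562|)"
Wed Mar 2 01:42:10 2005 [pid 24390] [cisco] FTP response: Client "a.b.c.d", "227 Entering Passive Mode (10,0,0,5,19,137)"
"""

# 229 reply carries the port directly: (|||port|)
EPSV_RE = re.compile(r'229 Entering Extended Passive Mode \(\|\|\|(\d+)\|\)')
# 227 reply carries h1,h2,h3,h4,p1,p2 and the port is p1*256 + p2
PASV_RE = re.compile(r'227 Entering Passive Mode \((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)')
PID_RE = re.compile(r'\[pid (\d+)\]')


def passive_port(line):
    """Return the data port announced in an EPSV or PASV reply, or None."""
    m = EPSV_RE.search(line)
    if m:
        return int(m.group(1))
    m = PASV_RE.search(line)
    if m:
        return int(m.group(5)) * 256 + int(m.group(6))
    return None


def check_passive_ports(log_text, pasv_min, pasv_max):
    """For every passive reply in the log, return (pid, port, in_range).

    pasv_min/pasv_max is the range the server was pinned to and the
    firewall hole was opened for; a False entry means the data connection
    would be dropped by the firewall even though login succeeded.
    """
    results = []
    for line in log_text.splitlines():
        port = passive_port(line)
        if port is None:
            continue
        pid_match = PID_RE.search(line)
        pid = int(pid_match.group(1)) if pid_match else None
        results.append((pid, port, pasv_min <= port <= pasv_max))
    return results


if __name__ == "__main__":
    for pid, port, ok in check_passive_ports(SAMPLE_LOG, 5500, 5600):
        print(f"pid {pid}: data port {port} {'inside' if ok else 'OUTSIDE'} allowed range")
```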
03-08-2005 08:17 AM
I've been experiencing some problems with "upgrade ftp://****" as well.
One way of getting around this (which I am sure is not recommended by Cisco), is:
* Login to the sensor using your service account
* FTP to where your IDS signature is, and "get" the file (which I find often works even when upgrade-FTP does not).
* copy the file into /usr/cids/idsRoot/htdocs/public
* then, when logged in as an Administrator, do "upgrade https://
(basically copying the file to the sensor, and then upgrading from itself using its HTTPS server)