Solved: Passive FTP in PIX 6.3(5)106

abhisar patil · ‎11-12-2012

Dear All,

How can I allow passive ftp communication in PIX 6.3(5)106.

Thank You,

Abhisar.

Jennifer Halim · ‎11-13-2012

Is this for outbound or inbound FTP?

For outbound FTP:

1) Configure:

fixup protocol ftp 21

2) Then if you have any access-list on the inside interface, allow tcp/21

For inbound FTP:

1) Configure:

fixup protocol ftp 21

2) Configure static NAT statement for the FTP server

3) Configure access-list on the outside interface to allow TCP/21 on the NATed IP.

Jennifer Halim · ‎11-13-2012

Is this for outbound or inbound FTP?

For outbound FTP:

1) Configure:

fixup protocol ftp 21

2) Then if you have any access-list on the inside interface, allow tcp/21

For inbound FTP:

1) Configure:

fixup protocol ftp 21

2) Configure static NAT statement for the FTP server

3) Configure access-list on the outside interface to allow TCP/21 on the NATed IP.

abhisar patil · ‎11-13-2012

Thank You Jennifer,

It is outboud ftp, all the mentioned things are alreay configured. We can login to the FTP server but can not pull the data.

Also, I have added following command but still no change in the result.

fixup protocol ftp 20

Thank You,

Abhisar.

Jennifer Halim · ‎11-13-2012

Pls kindly remove: fixup protocol ftp 20

as that actually breaks it.

abhisar patil · ‎11-13-2012

Dear Jennifer,

Now it is working, issue was in switch ACL, we allowed 20,21,1024-65535 ports on the switch.

fixup protocol ftp 21 is working fine in pix.

Thank You,

Abhisar.

Jennifer Halim · ‎11-13-2012

Excellent.. thanks for the update and ratings.