01-27-2005 03:48 PM - edited 02-20-2020 11:53 PM
We have a PIX 525 running Ver 6.1(4) with three interfaces, one Inside, one DMZ, and the Outside. We installed an FTP server on the DMZ, and want to run FTP with SSL. The FTP programs run from the Inside, but fail from the Outside. The FTP server can authenticate to an inside Active Directory server. The failure is from the Outside when encryption is turned on. The client is authenticated but does not get to a directory listing. The hole from the Outside:
static (dmz3,outside) 192.168.180.13 172.30.7.13 netmask 255.255.255.255 0 0
conduit permit tcp host 192.168.180.13 eq ftp any
Should this work? Or is there some basic reason it fails?
01-27-2005 04:53 PM
You should be all right, as the PIX would not be affecting the SFTP directory listing. Most likely this has to do with the FTP server or the client trying to use PASV. These are common problems with running FTP servers behind a firewall, regardless of brand. Have you modified settings on the client and server with regards to passive/PASV mode?
Also, I usually suggest getting rid of the conduit statements by replacing them with ACLs, as conduits are legacy mechanisms that are soon to be unavailable in the command set.
access-list 100 permit tcp any host 192.168.180.13 eq ftp
Should do the trick.
Hope this gives you some places to look regarding your ftp problem.
02-02-2005 12:08 PM
Try doing a "no fixup ftp". The PIX is probably doing deep packet inspection, and can't understand the SSL tunnel.
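An added illustration of the point made in this last reply, not code from the thread's posters: a small model of what the FTP fixup does with a cleartext PASV reply (parse it, NAT the address, open a data pinhole) and why it has nothing to work with once the control channel is TLS-encrypted. The NAT mapping is taken from the static in the question; the PASV reply and the TLS record bytes are constructed samples.

```python
"""Why stateful FTP inspection ('fixup protocol ftp') cannot help FTPS.

The fixup reads the cleartext control channel, finds the reply
'227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)', rewrites the address
for NAT and opens a pinhole for the data connection. Once the control
channel is encrypted the firewall sees only ciphertext, so no pinhole is
opened and the directory listing (the first data transfer) hangs.
"""
import re

PASV_RE = re.compile(rb"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(control_bytes: bytes):
    """Return (host, port) from a cleartext PASV reply, or None if absent."""
    m = PASV_RE.search(control_bytes)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def fixup_ftp(control_bytes: bytes, nat_map: dict):
    """Model of the fixup: translate the server address and open a pinhole."""
    parsed = parse_pasv(control_bytes)
    if parsed is None:
        return {"pinhole": None,
                "reason": "no parseable PASV reply (encrypted or absent)"}
    real_ip, port = parsed
    public_ip = nat_map.get(real_ip, real_ip)  # static (dmz3,outside) translation
    return {"pinhole": (public_ip, port), "reason": "PASV reply seen in cleartext"}


# Constructed samples: NAT mapping from the question's static statement
NAT = {"172.30.7.13": "192.168.180.13"}
CLEARTEXT = b"227 Entering Passive Mode (172,30,7,13,195,80)\r\n"
# After AUTH TLS the firewall only sees TLS application-data records
# (constructed placeholder ciphertext, not a real capture)
TLS_RECORD = bytes.fromhex("170303002a") + bytes(range(42))

if __name__ == "__main__":
    print(fixup_ftp(CLEARTEXT, NAT))   # pinhole opened on 192.168.180.13:50000
    print(fixup_ftp(TLS_RECORD, NAT))  # no pinhole: the listing would hang
```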