Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
824
Views
0
Helpful
4
Replies

Problems With FTP and PIX

jimmy-mcintyre
Level 1
Level 1

‎01-30-2007 03:21 AM - edited ‎03-11-2019 02:25 AM

We have a problem with running FTP through the PIX, either in active or passive modes.

We have a fixup running for ftp on 21, the pix sits behind a perimeter router, and I have checked that it is not an ACL on it that is causing the issue.

We are using PAT and internal DNS on the inside. We have external DNS for our external IP addresses.

I have seen this article on the Cisco site the error I see is the same but I get a resolve on my IP

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094459.shtml

Anyone any ideas what the problem could be.

Labels:
0 Helpful
4 Replies 4

vijayasankar
Level 4
Level 4

‎01-30-2007 04:03 AM

Hi,

On the Same URL, it has been mentioned that if you are having the same symptoms, and if you are able to get DNS resolution for your ip, then the reason might be due to IDENT protocol.

Here's the URL on troubleshooting this issue.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094317.shtml

Have you looked at it already...

-VJ

0 Helpful

jimmy-mcintyre
Level 1
Level 1
In response to vijayasankar

‎01-30-2007 08:40 AM

I saw that and didn't think it applied, although I did try to add service resetinbound

As for the other step adding the establised permitto 113 will not fly

Maybe it is another issue not related to this article. The problem I see is connections being made sucessfully then at some point during the tranfer it fails.

Below is a log that shows the active connections on 21, the 10.7.48.36 is my address, anyone any idea what the UFRIO section means?

PIX# show conn protocol tcp fport 21

TCP out 72.3.236.219:21 in 10.7.48.36:1082 idle 0:03:21 Bytes 1299 flags UFRIO

TCP out 72.3.236.219:21 in 10.7.48.36:1081 idle 0:04:02 Bytes 227 flags UFRIO

TCP out 88.46.254.34:21 in 10.10.17.30:3343 idle 0:00:00 Bytes 41488 flags UIO

0 Helpful

dentt
Level 1
Level 1
In response to jimmy-mcintyre

‎01-30-2007 10:00 AM

Add the detail keyword to the end of your show conn command.

0 Helpful

vijayasankar
Level 4
Level 4
In response to jimmy-mcintyre

‎01-30-2007 08:22 PM

Hi,

Thanks for the update.

Refer to the Table 25-10 provided in this URL, for detailed explanation on the connection flags that you observe in the "show conn" output.

http://cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a008063f0fe.html#wp1179782

From the capture that you have provided, it appears that the outside FTP server is sending a "FIN", which indicates that the server is closing the TCP connection for some reason.

You need to check with the owner of that FTP server to investigate the root cause for why the server is closing the connection.

To augment your observation, you can take a sniffer/ethereal trace from your inside FTP client. In this trace, you will observe that the server is sending a TCP reset packet, indicating a closure of connection.

Provide this capture to FTP server admin and request for an explanation.

Hope this helps.

-VJ

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card