11-03-2003 06:13 AM - edited 03-09-2019 05:22 AM
Hi
Debugging fixup ftp shows that the ports are opening up. I am able to log into the internal network using ftp, but am not able to exectute any commands. The connection times out.
This happens even if I use a 'permit all access-list on the outside interface of the pix'
Any help will be appreciated...
Below is the syslog excerpt...
302013: Built inbound TCP connection 15 for outside:192.168.200.28/1082 (192.168
.200.28/1082) to inside:139.66.16.128/21 (139.66.16.128/21)
302013: Built inbound TCP connection 16 for outside:192.168.200.28/1083 (192.168
.200.28/1083) to inside:139.66.16.128/20 (139.66.16.128/20)
111009: User 'enable_15' executed cmd: show debug
111009: User 'enable_15' executed cmd: show logging
111009: User 'enable_15' executed cmd: show logging
302014: Teardown TCP connection 16 for outside:192.168.200.28/1083 to inside:139
.66.16.128/20 duration 0:02:00 bytes 0 TCP FINs
Thanks, Shervan
11-03-2003 06:22 AM
Please ensure that you are not having issues with reverse DNS on your internal network. See this link:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094459.shtml
Revere DNS not working can and WILL cause LS and GET commands not to work.
11-03-2003 06:25 AM
FTP into the network... this might mean the domain you are logging in from does not have reverse dns working properly or set up. You may want to look into disabling reverse DNS from the FTP server.
11-03-2003 06:37 AM
Hi, the system being configured is a point to point connection, outside of a larger network, so there is no DNS used at all. The pix has however got the default settings for domain. Should DNS matter here?
The network connected to the outside network is of a 'stub' topology.
11-03-2003 07:17 AM
A classic symptom of reverse dns issues, is when you try to FTP and you get funky results, such as:
You can ftp to the site, traverse directories, but not issue LS or GET commands. It normally means that the domain you are initiating the FTP from, has reverse DNS issues. A lot of FTP sites do a reverse lookup on clients that ftp to their site. It could also be an IDENT issue... The article has good info in it. See if there is a way to turn off reverse dns lookup on the ftp server.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide