<188>Oct 30 2003 07:14:40: %PIX-4-106023: Deny tcp src outside:216.139.21.18/20 dst inside:10.10.0.23/3739 by access-group "outside-in"

Hi -

First here's the explanation:

106023

Error Message %PIX-4-106023: Deny protocol src [interface_name:source_address/source_port] dst interface_name:dest_address/dest_port [type {string}, code {code}] by access_group acl_ID

Explanation An IP packet was denied by the ACL. This message displays even if you do not have the log option enabled for an ACL.

Have you got ACLs applied for the FTP session, if so, makesure you have apporiate access-group applied to the correct interface and remember to issue command - clear xlate after modifying any ACLs or static commands.

Let me know how you get on.

Thanks -

ftp is allowed out and is not blocked coming in.

I can FTP to the site, traverse directories... but when I issue the LS command or GET command... that's where it hangs and the errors occur.

hmmm... nslookups are not returning proper results.

Yes. This is the problem. We have two DNS domains, one we allow reverse DNS and one we don't. I tried to issue the LS and GET commands from the domain without reverse lookup and it failed. I issued the LS and GET commands from the domain with reverse lookup enabled and it worked. Thanks!