FTP not working

bfl1
Level 1

Neither FTP nor Passive FTP is working properly. I can connect out to an FTP site. I issue the ls command or the get command and it hangs. The syslog shows the return traffic coming back on TCP 3379 being denied.

fixup protocol ftp 21 is defined. I even deleted the fixup and added it again, still no luck. I checked for any denies in the ACL that would block the port/ip of the ftp server and nothing. Any ideas?

jmia
Level 7

Hi -

Can you post your syslog message here please.

Thanks.

<188>Oct 30 2003 07:14:40: %PIX-4-106023: Deny tcp src outside:216.139.21.18/20 dst inside:10.10.0.23/3739 by access-group "outside-in"

Hi -

First here's the explanation:

106023

Error Message %PIX-4-106023: Deny protocol src [interface_name:source_address/source_port] dst interface_name:dest_address/dest_port [type {string}, code {code}] by access_group acl_ID

Explanation An IP packet was denied by the ACL. This message displays even if you do not have the log option enabled for an ACL.

Have you got ACLs applied for the FTP session? If so, make sure you have the appropriate access-group applied to the correct interface, and remember to issue the command clear xlate after modifying any ACLs or static commands.

Let me know how you get on.

Thanks -
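
As an added illustration (not part of the original thread, and not Cisco code), here is a small Python parser for the 106023 format explained above. It flags denies whose source port is 20, the conventional FTP active-mode data port, as in the posted message. The function names are hypothetical, and the second and third sample lines are constructed.

```python
import re

# Field layout follows the %PIX-4-106023 format quoted in the thread; the
# optional ICMP type/code part is skipped by the lazy ".*?" before "by".
DENY_RE = re.compile(
    r'%PIX-4-106023: Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)'
    r'.*? by access-group "(?P<acl>[^"]+)"'
)

FTP_DATA_PORT = 20  # conventional source port of active-mode FTP data connections


def parse_deny(line):
    """Return the fields of a 106023 deny message as a dict, or None."""
    m = DENY_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["src_port"] = int(rec["src_port"])
    rec["dst_port"] = int(rec["dst_port"])
    return rec


def is_ftp_data_deny(rec):
    """True for a denied TCP packet from port 20 to an unprivileged port."""
    return (rec["proto"] == "tcp"
            and rec["src_port"] == FTP_DATA_PORT
            and rec["dst_port"] >= 1024)


def summarize(lines):
    """Count FTP-data denies per (server IP, client IP, ACL name)."""
    counts = {}
    for line in lines:
        rec = parse_deny(line)
        if rec and is_ftp_data_deny(rec):
            key = (rec["src_ip"], rec["dst_ip"], rec["acl"])
            counts[key] = counts.get(key, 0) + 1
    return counts


# First line is the message posted in the thread; the other two are constructed.
SAMPLE = [
    '<188>Oct 30 2003 07:14:40: %PIX-4-106023: Deny tcp src outside:216.139.21.18/20 dst inside:10.10.0.23/3739 by access-group "outside-in"',
    '<188>Oct 30 2003 07:14:52: %PIX-4-106023: Deny tcp src outside:216.139.21.18/20 dst inside:10.10.0.23/3741 by access-group "outside-in"',
    '<188>Oct 30 2003 07:15:03: %PIX-4-106023: Deny udp src outside:192.0.2.7/53 dst inside:10.10.0.23/1044 by access-group "outside-in"',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(key, n)
```
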

ftp is allowed out and is not blocked coming in.

I can FTP to the site, traverse directories... but when I issue the LS command or GET command... that's where it hangs and the errors occur.

Hi -

Please read the following cisco doc:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094459.shtml

Thanks, and let me know how you get on.

hmmm... nslookups are not returning proper results.

Yes. This is the problem. We have two DNS domains, one we allow reverse DNS and one we don't. I tried to issue the LS and GET commands from the domain without reverse lookup and it failed. I issued the LS and GET commands from the domain with reverse lookup enabled and it worked. Thanks!