08-31-2012 08:30 AM - edited 03-04-2019 05:26 PM
Hello!
I'm having some trouble with an FTP server. Our setup is composed of a server connected to an 877va router. All of the clients would access this service from the internet, so no specific configurations have been done. The problem we are having comes up when FTPS is used. All of the clients and the server have no problems accessing the internet and are able to communicate only if we use normal FTP, both in passive and active mode. The problem I have happens when we set FTPS: the clients manage to access the server and authenticate themselves, but the connection simply stops when it's time to receive any information about the files. Before that there seems to be no problem. Is there any kind of specific configuration my router needs when using FTPS? No client is currently using any firewall and several FTP clients have worked WITHOUT encryption. This is the current config on the router:
!
! Last configuration change at 10:50:02 UTC Fri Aug 31 2012
! NVRAM config last updated at 11:00:50 UTC Fri Aug 31 2012
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-2642403697
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2642403697
revocation-check none
rsakeypair TP-self-signed-2642403697
!
!
crypto pki certificate chain TP-self-signed-2642403697
certificate self-signed 01 nvram:IOS-Self-Sig#4.cer
!
!
!
!
ip dhcp pool sdm-pool
import all
network 192.168.1.0 255.255.255.0
dns-server 8.8.8.8 8.8.8.4
default-router 192.168.1.1
!
!
ip domain list 8.8.8.8
ip domain retry 5
ip domain timeout 60
ip name-server 85.37.17.49
ip name-server 85.38.28.91
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887VA-SEC-K9 sn FCZ1620C1J1
!
!
username ######## privilege 15 password 0 ########
!
!
!
!
!
controller VDSL 0
!
!
!
!
!
!
!
!
!
!
interface Ethernet0
no ip address
ip nat inside
ip virtual-reassembly in
shutdown
!
interface ATM0
no ip address
ip mtu 1492
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1452
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Vlan1
description Interfaccia Interna Router
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer0
ip address 95.###.###.### 255.255.255.248
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp chap hostname ########
ppp chap password 0 ########
ppp pap sent-username ######## password 0 ########
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip dns view default
domain timeout 60
domain retry 5
ip nat translation timeout never
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.48 20 95.###.###.### 20 extendable
ip nat inside source static tcp 192.168.1.48 21 95.###.###.### 21 extendable
ip nat inside source static tcp 192.168.1.48 22 95.###.###.### 22 extendable
ip nat inside source static tcp 192.168.1.48 989 95.###.###.### 989 extendable
ip nat inside source static tcp 192.168.1.48 990 95.###.###.### 990 extendable
ip route 0.0.0.0 0.0.0.0 Dialer0
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
exec-timeout 40 0
privilege level 15
login local
terminal-type monitor
transport input telnet ssh
!
end
FTPS works fine if the client is connected to the 887VA router. Thanks for your help!
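A likely reading of the symptom above, added here as an example and not part of any post in this thread: with FTPS the server's 227 passive-mode reply travels inside TLS, so a NAT router cannot rewrite the private address in it or open the data port, which it can do for plain FTP. The sample reply, the function names and the assumption that the router's NAT rewrites cleartext FTP replies are constructed for illustration; the forwarded ports are the static NAT entries from the posted config.

```python
import ipaddress
import re

# Ports forwarded to 192.168.1.48 by the static NAT lines in the posted config.
FORWARDED_PORTS = {20, 21, 22, 989, 990}

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Return (ip, port) from an FTP 227 reply, or None if it is not one."""
    m = PASV_RE.match(reply)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]

def data_channel_problems(reply, control_encrypted, forwarded=FORWARDED_PORTS):
    """List reasons an Internet client could fail to open the data connection."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return ["not a 227 passive-mode reply"]
    ip, port = parsed
    if not control_encrypted:
        # Assumption: with a cleartext control channel the NAT device reads the
        # reply, rewrites the address and opens the data port on the fly.
        return []
    problems = []
    if ip.is_private:
        problems.append(f"advertised address {ip} is private and cannot be rewritten")
    if port not in forwarded:
        problems.append(f"data port {port} has no static NAT entry")
    return problems

# Constructed sample reply: server at 192.168.1.48 offering port 195*256+80 = 50000.
SAMPLE = "227 Entering Passive Mode (192,168,1,48,195,80)"

if __name__ == "__main__":
    for tls in (False, True):
        print("FTPS" if tls else "FTP ", data_channel_problems(SAMPLE, tls))
```

A common fix is to pin the FTP server to a small passive port range, forward that range with static NAT entries, and configure the server to advertise the public address in its passive-mode replies.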
09-01-2012 04:57 AM
Update IOS.
09-05-2012 01:19 AM
Updating didn't seem to solve the problem. Is there anything else you think can be done?
Thanks!