Hi Thanveer,

Thank you for your reply, here is the topology :

Host --->Unmanage Hub ----> Router A ----> Provider Cloud ---->Router B ----> L3 Switch ----> FTP Server

Acctualy the link is from our branch to our head office, the routing from Router A to Router B managed by provider's team which i can't manage, so my question is should i do some extra configurations on my Cisco 4500 L3 Switch except static route on the gig interface...? since the provider said they are already opened all ports.

regards,

Deari AR

Hi Deari Rahman,

Host --->Unmanage Hub ----> Router A ----> Provider Cloud ---->Router B ----> L3 Switch ----> FTP Server

fine you might have provided a static route for your branch office in L3 something like this

for example your branch office address is 192.168.1.0 255.255.255.0

then in your router B

ip route 192.168.1.0 255.255.255.0 next hop

In your L3

ip route 192.168.1.0 255.255.255.0 next hop or exit interface.

In your RouterA managed by vendor, there must be routes to reach your network most likly a summary route....

Now my next questions are

1)whether you are to reach FTP server ip from your branch office or not?

2)what is output for the command telnet 192.168.5.1 21 (from your branch office pc which needs to connect your ftp sever with port ftp default.)

if any other port is defined on the server other than 21 it may be any port lets take 500 then you must be able to telnet with port 500.

if answer for q1 is yes and q2 is unable to connect then the ports are not open.

This might be on the firewall or on the router with access lists or on the server itself

Please dont forget to rate helpful posts

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

Hi Thanveer,

Based on your example all routing was configured properly then, both of vendor and my side, but our FTP application still wont open if our branch host access, fyi our own ftp client application using active mode with port 3024, then regarding your questions here are my answers :

q1 : yes our branch should send and received data to head office via our own FTP app

q2 : the result saying welcome to Pure-ftpd [TLS] ---> 192.168.xx.xx 21

       the result saying 220 Microsoft FTP Services ----> 192.168.xx.xx 3024

i already turn off the windows firewall, but our FTP client app still cant established, do you think who should check the configuration, me side or vendor side..? if it's my side what i should to config then, if it's vendor side, what i should to prove then since they always said they are wasn't blocking any port. sorry if making you confuse, thank you

Regards,

Deari AR

Dear Thanveer,

Sorry for late reply, now the issued was closed, in fact the problem was on the vendor side, they did some reconfigurations on their routers and i did not modify my last configuration on my L3 Switch, and finally my FTP active mode passed properly, may my experience could help anyone who facing same problem like me, special thanks to Thanveer for all replies.

Regards,

Deari AR