FTP passive problem with PIX 515E

Discussion in 'Cisco' started by Diego Fernández, Mar 7, 2006.

  1. Hi,

    Sorry for my very bad English. Can you speak Spanish?

    I publish a Microsoft FTP Server through Cisco PIX 515E with static PAT.
    In active (port) mode works fine, because in passive mode any command
    receive response and a time out is received.
    I use fixup command for ftp to port 21.
    The static pat redirect ports tcp-udp 20 and 21, and access rules permit
    traffic to ports TCP-UDP 20 and 21.

    What is my problem?

    Very thanks,
    Diego Fernández
    Diego Fernández, Mar 7, 2006
    #1

  2. * Diego Fernández wrote:
    > In active (port) mode works fine, because in passive mode any command
    > receive response and a time out is received.
    > I use fixup command for ftp to port 21.


    Fine.

    > The static pat redirect ports tcp-udp 20 and 21, and access rules permit
    > traffic to ports TCP-UDP 20 and 21.


    Drop static and access-list for port 20. Then fixup can work.
    Drop static and access-list for protocol udp.
    Lutz Donnerhacke, Mar 7, 2006
    #2

  3. Hi,
    I delete the static access-list for port 20.
    I delete the static access-list for protocol udp.

    In active mode works fine because in passive mode not work.

    Can help me?
    Very thanks.

    Diego Fernández

    P.S. Sorry for my bad English.

    "Lutz Donnerhacke" <> wrote in message
    news:-jena.de...
    >* Diego Fernández wrote:
    >> In active (port) mode works fine, because in passive mode any command
    >> receive response and a time out is received.
    >> I use fixup command for ftp to port 21.

    >
    > Fine.
    >
    >> The static pat redirect ports tcp-udp 20 and 21, and access rules permit
    >> traffic to ports TCP-UDP 20 and 21.

    >
    > Drop static and access-list for port 20. Then fixup can work.
    > Drop static and access-list for protocol udp.
    Diego Fernández, Mar 7, 2006
    #3
  4. * Diego Fernández wrote:
    > In active mode works fine because in passive mode not work.


    Then your pix or your config is broken. You may post the relevant part of
    your config, if possible.
    Lutz Donnerhacke, Mar 7, 2006
    #4
  5. Lutz Donnerhacke <> wrote:
    > * Diego Fernández wrote:
    >> In active (port) mode works fine, because in passive mode any command
    >> receive response and a time out is received.
    >> I use fixup command for ftp to port 21.

    >
    > Fine.
    >
    >> The static pat redirect ports tcp-udp 20 and 21, and access rules permit
    >> traffic to ports TCP-UDP 20 and 21.

    >
    > Drop static and access-list for port 20. Then fixup can work.
    > Drop static and access-list for protocol udp.


    How UDP is related to FTP (either active, or passive)?

    --
    andrei
    Andrei Ivanov, Mar 7, 2006
    #5
  6. Thanks to all.
    FTP is working.
    The problem is that the FTP server had 2 IPs, because only one is public
    through PIX.
    When the FTP server sends the port command (in passive mode) it is sending with IP
    not published.

    Very thanks for your interesting.

    Sorry for my very bad English.
    Diego Fernández


    "Diego Fernández" <> wrote in message
    news:dukb0i$qef$-data.net...
    > Hi,
    > I delete the static access-list for port 20.
    > I delete the static access-list for protocol udp.
    >
    > In active mode works fine because in passive mode not work.
    >
    > Can help me?
    > Very thanks.
    >
    > Diego Fernández
    >
    > P.S. Sorry for my bad English.
    >
    > "Lutz Donnerhacke" <> wrote in message
    > news:-jena.de...
    >>* Diego Fernández wrote:
    >>> In active (port) mode works fine, because in passive mode any command
    >>> receive response and a time out is received.
    >>> I use fixup command for ftp to port 21.

    >>
    >> Fine.
    >>
    >>> The static pat redirect ports tcp-udp 20 and 21, and access rules permit
    >>> traffic to ports TCP-UDP 20 and 21.

    >>
    >> Drop static and access-list for port 20. Then fixup can work.
    >> Drop static and access-list for protocol udp.

    >
    >
    Diego Fernández, Mar 9, 2006
    #6