FTP PORT command sends the wrong IP address for data channel over VPN

Discussion in 'Cisco' started by steve.wadlow, May 3, 2005.

  1. steve.wadlow

    steve.wadlow Guest

    I hope this is the correct newsgroup for this item. Please let me know
    if this should be posted elsewhere.

    We have noticed that when using FTP over a VPN, PDAs send the wrong ip
    address for the data channel.

    We are using an ISP to connect to the internet, at which point the ISP
    provides a public IP address. We then connect to an internal VPN and
    receive a private IP address. At this point I believe the client device
    would be aware of both ip addresses.

    When using simple FTP client applications (CedeFTP, etc.) to connect to
    an FTP server inside the VPN, the PDA supplies the correct IP address
    (VPN private address) and sucessfully establishes a connection to the
    server. However, when the FTP client issues commannds that require a
    data port, the PDA sends the ISP public ip address in the PORT command.
    The server indentifies a change in the IP address and disallows the
    connection for the data channel.

    Currently we are testing with only active mode. We have not focused our
    efforts on passive mode, as I believe that requires the opening of all
    ports greater then 1024. Additionally, we have an application which
    currently uses only active mode. Though we could change the application
    to use either mode, we would still have the issue of opening the
    additional ports.

    Currently we are testing with the following:
    * iPAQ 4700
    * Movian VPN Client (end of life occurred Nov of last year)
    * CedeFtp and ScottyFtp

    We would greatly appreciate any advice on this issue.
    steve.wadlow, May 3, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.