Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Having trouble getting FTP to work on PIX 501

Posted on 2004-08-11
5
Medium Priority
?
1,111 Views
Last Modified: 2008-01-09
I have a newly installed PIX 501 that is working (finally).  The last thing I'm having trouble with is ftp.  I use port 2121 for ftp.  When I ftp i get prompted for username and password.  I enter in the information and then get an error that says "the connection with the server was reset"  I have tried this with passive on, and with passive off.  Still the same message.  I'm running kiwi syslog and this is the output.

Aug 11 2004 10:53:39: %PIX-6-302010: 8 in use, 27 most used
Aug 11 2004 10:52:19: %PIX-6-302014: Teardown TCP connection 3022 for outside:218.168.181.179/2093 to inside:192.168.1.10/4899 duration 0:00:01 bytes 56 TCP FINs
Aug 11 2004 10:52:18: %PIX-6-302013: Built inbound TCP connection 3022 for outside:218.168.181.179/2093 (218.168.181.179/2093) to inside:192.168.1.10/4899 (24.1.36.238/4899)
Keep-alive message
Aug 11 2004 10:48:10: %PIX-6-305012: Teardown static TCP translation from inside:192.168.1.10/2121 to outside:24.1.36.238/2121 duration 0:01:05
Aug 11 2004 10:48:07: %PIX-6-302014: Teardown TCP connection 3020 for outside:66.147.170.99/50410 to inside:192.168.1.10/2121 duration 0:00:50 bytes 243 TCP FINs
Aug 11 2004 10:47:39: %PIX-6-106015: Deny TCP (no connection) from 66.147.170.99/50411 to 24.1.36.238/2121 flags PSH ACK  on interface outside
Aug 11 2004 10:47:28: %PIX-6-106015: Deny TCP (no connection) from 66.147.170.99/50411 to 24.1.36.238/2121 flags PSH ACK  on interface outside
Aug 11 2004 10:47:22: %PIX-6-106015: Deny TCP (no connection) from 66.147.170.99/50411 to 24.1.36.238/2121 flags PSH ACK  on interface outside
Aug 11 2004 10:47:19: %PIX-6-106015: Deny TCP (no connection) from 66.147.170.99/50411 to 24.1.36.238/2121 flags PSH ACK  on interface outside
Aug 11 2004 10:47:18: %PIX-6-106015: Deny TCP (no connection) from 192.168.1.10/2121 to 66.147.170.99/50411 flags PSH ACK  on interface inside
Aug 11 2004 10:47:18: %PIX-6-106015: Deny TCP (no connection) from 66.147.170.99/50411 to 24.1.36.238/2121 flags PSH ACK  on interface outside
Aug 11 2004 10:47:17: %PIX-6-302014: Teardown TCP connection 3021 for outside:66.147.170.99/50411 to inside:192.168.1.10/2121 duration 0:00:01 bytes 271 Deny
Aug 11 2004 10:47:17: %PIX-4-406002: FTP port command different address: 66.147.170.99(192.168.101.130) to 192.168.1.10 on interface outside
Aug 11 2004 10:47:17: %PIX-6-302013: Built inbound TCP connection 3021 for outside:66.147.170.99/50411 (66.147.170.99/50411) to inside:192.168.1.10/2121 (24.1.36.238/2121)
Aug 11 2004 10:47:16: %PIX-6-302013: Built inbound TCP connection 3020 for outside:66.147.170.99/50410 (66.147.170.99/50410) to inside:192.168.1.10/2121 (24.1.36.238/2121)
Aug 11 2004 10:47:06: %PIX-6-302014: Teardown TCP connection 3019 for outside:66.147.170.99/50390 to inside:192.168.1.10/2121 duration 0:00:01 bytes 137 TCP FINs
Aug 11 2004 10:47:05: %PIX-6-302014: Teardown TCP connection 3018 for outside:66.147.170.99/50389 to inside:192.168.1.10/2121 duration 0:00:01 bytes 137 TCP FINs
Aug 11 2004 10:47:05: %PIX-6-302013: Built inbound TCP connection 3019 for outside:66.147.170.99/50390 (66.147.170.99/50390) to inside:192.168.1.10/2121 (24.1.36.238/2121)
Aug 11 2004 10:47:05: %PIX-6-302013: Built inbound TCP connection 3018 for outside:66.147.170.99/50389 (66.147.170.99/50389) to inside:192.168.1.10/2121 (24.1.36.238/2121)
Aug 11 2004 10:47:05: %PIX-6-305011: Built static TCP translation from inside:192.168.1.10/2121 to outside:24.1.36.238/2121


Thanks to anyone that can help

0
Comment
Question by:RayDoran
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 36

Expert Comment

by:grblades
ID: 11775576
Hi RayDoran,
> Aug 11 2004 10:47:17: %PIX-6-302014: Teardown TCP connection 3021 for
> outside:66.147.170.99/50411 to inside:192.168.1.10/2121 duration 0:00:01
> bytes 271 Deny
> Aug 11 2004 10:47:17: %PIX-4-406002: FTP port command different address:
> 66.147.170.99(192.168.101.130) to 192.168.1.10 on interface outside

From where are you testing the ftp server?
Are you testing it from a machine directly connected to the Internet?
You know you cannot test it from another machine behind the same PIX?
0
 

Author Comment

by:RayDoran
ID: 11777178
I'm at the office connecting back to the house.  I turned off passive, and directed it back to port 21 and its working.  I think it might be the settings in the ftp server.  
0
 
LVL 36

Expert Comment

by:grblades
ID: 11777217
Could it be a firewall issue at work?
0
 

Author Comment

by:RayDoran
ID: 11778130
I dont think so because it was working fine before i installed the PIX at the house.  I did test something.  I was able to login to the ftp server and look at the files.  I was even able to download some files, but when I try to upload it wants me to enter in username and password again and again and again.........  It will never upload the file.  I started and ftp program (flashfxp) and was able to upload and download just fine.  Not sure what the deal is??
0
 
LVL 36

Accepted Solution

by:
grblades earned 1500 total points
ID: 11779023
I can't see how the PIX could be causing that as you can connect and establish a data connection. Can you turn on logging on the ftp server so you can see all the commands and responses to it.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question