tammieR
asked on
FTP fails occasionally trying to go from my DMZ to the inside
I have a batch file that runs on a Windows server on my DMZ that will FTP files every 15 minutes to my AS/400 on the inside of my firewall. Occasionally, the FTP will fail. When I check the syslog on the firewall, it shows a Reset-O packet coming from my Windows server on the DMZ. I don't know what is causing this. I have asked for help from Cisco because my firewall is a PIX 515, and they said that the computer on the DMZ is sending a RESET request and causing the connection to drop. I called the vendor that supports the Windows computer on the DMZ, and they tell me that the RESET is the result of a dropped connection by either my firewall or the computer on the inside of my firewall. Please help.
Could be a reverse-DNS issue, since it fails occasionally? I don't know AS/400 well; Solaris does a reverse lookup for the FTP client, so if you don't have a PTR record for your Windows server, there may be trouble.
Are you still working on this?
Have you found a solution?
Do you need more information?
This question will be classified as abandoned soon if we don't get some feedback from you.
Can you close out this question? See here for details:
https://www.experts-exchange.com/help.jsp#hs5
Thanks for your attention!
ASKER
I have been working with Cisco on this issue. They stated that there was a bug in version 6.3(3) of the PIX OS. I upgraded to 6.3(4) and had the problem once but can't seem to get the problem to happen again. Cisco claims that in version 6.3(3) there is a problem where the PIX will drop FTP connections on occasion.
I'll have to side with Cisco on this one. If it was a PIX configuration issue, then it would either never work, or always work.
If you'd like, I can review your PIX config and perhaps see a way to make it easier.
Are you using the standard command-line FTP that comes in Windows to put the files?
Typically when AS/400 is involved, it turns out to be a routing issue on the AS/400 learning a route to that subnet via a different gateway. I would look at the routing table on that box and make sure it is correct.
My first inclination would be to look at the logs on the AS/400 and try to rule it out since it is closest to you and you control it.
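To see how often the FTP control sessions end in a reset, and at which of the 15-minute runs, the firewall syslog can be tallied by teardown reason. The following is an added example, not part of the original thread; it assumes the Cisco `302014` "Teardown TCP connection" message layout, and the sample lines, host name and addresses are constructed.

```python
import re
from collections import Counter

# Assumed layout of the PIX "Teardown TCP connection" syslog message (302014).
TEARDOWN = re.compile(
    r"(?P<ts>\w{3}\s+\d+\s[\d:]{8}).*?302014: Teardown TCP connection (?P<id>\d+) "
    r"for (?P<src_if>[\w-]+):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst_if>[\w-]+):(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"duration (?P<dur>\d+:\d\d:\d\d) bytes (?P<bytes>\d+)\s*(?P<reason>.*)$"
)

# Constructed sample lines (not from the thread); addresses are placeholders.
SAMPLE = """\
Mar 02 10:00:04 pix %PIX-6-302014: Teardown TCP connection 4101 for dmz:192.0.2.10/1045 to inside:10.1.1.5/21 duration 0:00:03 bytes 812 TCP FINs
Mar 02 10:15:02 pix %PIX-6-302014: Teardown TCP connection 4177 for dmz:192.0.2.10/1052 to inside:10.1.1.5/21 duration 0:00:01 bytes 96 TCP Reset-O
Mar 02 10:15:09 pix %PIX-6-302014: Teardown TCP connection 4180 for dmz:192.0.2.10/1053 to inside:10.1.1.5/80 duration 0:00:02 bytes 300 TCP Reset-I
Mar 02 10:30:03 pix %PIX-6-302014: Teardown TCP connection 4250 for dmz:192.0.2.10/1060 to inside:10.1.1.5/21 duration 0:00:04 bytes 845 TCP FINs
Mar 02 10:30:05 pix %PIX-6-106023: Deny tcp src outside:198.51.100.7/4000 dst dmz:192.0.2.10/445
"""


def parse_teardowns(text):
    """Return one dict per teardown line; all other syslog messages are skipped."""
    events = []
    for line in text.splitlines():
        m = TEARDOWN.search(line)
        if m:
            ev = m.groupdict()
            ev["reason"] = ev["reason"].strip() or "unknown"
            events.append(ev)
    return events


def ftp_control_summary(events, ftp_port="21"):
    """Count teardown reasons for FTP control sessions and list those that were reset."""
    ftp = [e for e in events if e["dport"] == ftp_port]
    reasons = Counter(e["reason"] for e in ftp)
    resets = [(e["ts"], e["id"], e["reason"], e["dur"], int(e["bytes"]))
              for e in ftp if "Reset" in e["reason"]]
    return reasons, resets


if __name__ == "__main__":
    reasons, resets = ftp_control_summary(parse_teardowns(SAMPLE))
    print(dict(reasons))
    for row in resets:
        print(*row)
```

Matching the reset timestamps against the batch schedule and the AS/400 job logs shows whether the failures cluster at particular runs or follow a PIX OS version change.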