ftp fails occasionally trying to go from my dmz to the inside

Posted on 2005-05-12
Last Modified: 2010-04-09
I have a batch file that runs on a Windows server on my dmz that will ftp files every 15 minutes to my as/400 on the inside of my firewall.  Occasionally, the ftp will fail.  When I check the syslog on the firewall it shows a Reset-O packet coming from my Windows server on the dmz.  I don't know what is causing this.  I have asked for help from Cisco because my firewall is a PIX 515 and they said that the computer on the dmz is sending a RESET request and causing the connection to drop.  I called the vendor that supports the Windows computer on the dmz and they tell me that the RESET is the result of a dropped connection by either my firewall or the computer on the inside of my firewall.  Please help.
Question by:tammieR
    LVL 79

    Expert Comment

    >Occasionally, the ftp will fail
    I'll have to side with Cisco on this one. If it was a PIX configuration issue, then it would either never work, or always work.
    If you'd like, I can review your PIX config and perhaps see a way to make it easier.
    Are you using the standard command-line ftp that comes in Windows to put the files?

    Typically when as/400 is involved, it turns out to be a routing issue on the as/400 learning a route to that subnet via a different gateway. I would look at the routing table on that box and make sure it is correct.

    My first inclination would be to look at the logs on the as/400 and try to rule it out since it is closest to you and you control it.
    LVL 6

    Expert Comment

    Could be a reverse-DNS issue since it fails occasionally? Don't know AS/400 well; Solaris does reverse lookup for ftp client. If you don't have a PTR record for your Windows server, there may be trouble.
    LVL 79

    Expert Comment

    Are you still working on this?
    Have you found a solution?
    Do you need more information?

    This question will be classified as abandoned soon if we don't get some feedback from you.

    Can you close out this question? See here for details:

    Thanks for your attention!

    Author Comment

    I have been working with Cisco on this issue.  They stated that there was a bug in version 6.3(3) of the PIX OS.  I upgraded to 6.3(4) and had the problem once but can't seem to get the problem to happen again.  Cisco claims that in version 6.3(3) there is a problem where the PIX will drop ftp connections on occasion.
    LVL 79

    Accepted Solution

    Thanks for the info!
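
To measure how often the symptom in this thread occurs, the firewall's TCP teardown messages can be tallied by reason for FTP control sessions. The following is an added example, not part of the original thread; it assumes the PIX 302014 teardown message layout, and the log lines, hostname and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread), laid out like the PIX
# 302014 TCP teardown message; addresses are documentation/private ranges.
SAMPLE_LOG = """\
May 12 2005 08:00:04 pix515 %PIX-6-302014: Teardown TCP connection 4101 for dmz:192.0.2.10/1188 to inside:10.0.0.5/21 duration 0:00:07 bytes 1420 TCP FINs
May 12 2005 08:15:03 pix515 %PIX-6-302014: Teardown TCP connection 4177 for dmz:192.0.2.10/1203 to inside:10.0.0.5/21 duration 0:00:02 bytes 312 TCP Reset-O
May 12 2005 08:15:09 pix515 %PIX-6-302014: Teardown TCP connection 4180 for dmz:192.0.2.10/1204 to inside:10.0.0.9/80 duration 0:00:01 bytes 95 TCP Reset-I
May 12 2005 08:30:05 pix515 %PIX-6-302014: Teardown TCP connection 4250 for dmz:192.0.2.10/1219 to inside:10.0.0.5/21 duration 0:00:06 bytes 1398 TCP FINs
May 12 2005 08:45:02 pix515 %PIX-6-302014: Teardown TCP connection 4312 for dmz:192.0.2.10/1240 to inside:10.0.0.5/21 duration 0:00:30 bytes 0 SYN Timeout
"""

# Assumed layout: "... for IF:ADDR/PORT to IF:ADDR/PORT duration H:MM:SS bytes N [reason]"
TEARDOWN = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d{4} [\d:]+) \S+ %PIX-6-302014: Teardown TCP connection "
    r"(?P<id>\d+) for (?P<src_if>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<dst_if>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"duration (?P<dur>[\d:]+) bytes (?P<bytes>\d+)(?: (?P<reason>.+))?$"
)

def parse_teardowns(text):
    """Return one dict per 302014 teardown line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = TEARDOWN.search(line.strip())
        if m:
            rec = m.groupdict()
            h, mnt, s = (int(x) for x in rec["dur"].split(":"))
            rec["seconds"] = h * 3600 + mnt * 60 + s
            rec["reason"] = rec["reason"] or "unspecified"
            records.append(rec)
    return records

def ftp_control_report(records, port="21"):
    """Count teardown reasons for FTP control sessions and list the abnormal ones."""
    ftp = [r for r in records if port in (r["sport"], r["dport"])]
    reasons = Counter(r["reason"] for r in ftp)
    abnormal = [r for r in ftp if r["reason"] != "TCP FINs"]
    return reasons, abnormal

if __name__ == "__main__":
    reasons, abnormal = ftp_control_report(parse_teardowns(SAMPLE_LOG))
    print(dict(reasons))
    for r in abnormal:
        print(r["ts"], r["id"], r["reason"], f'{r["seconds"]}s', f'{r["bytes"]} bytes')
```

Comparing the timestamps of the abnormal teardowns with the 15-minute batch schedule and with the AS/400 and Windows logs shows whether the resets cluster around particular runs.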
