Passive SSL ftp problem PIX 515
Posted on 2006-05-09
Hi Guys (again)
I am setting up an FTP server on the DMZ network of two PIX 515s. The FTP server is WS FTP Server and has been configured with the correct outgoing IP address and port range for passive connections; here is the config for the machine I have on the PIX:
name 192.168.11.1 ftpserver
access-list outside_access_in permit tcp any host x.x.x.x eq ftp
access-list outside_access_in permit tcp any host x.x.x.x range 40000 5000
access-list outside_access_in permit tcp any host x.x.x.x eq https
static (DMZ,outside) x.x.x.x ftpserver netmask 255.255.255.255 0 0
When I try to connect I get this:
Started on Tuesday May 09, 2006 at 18:21:PM
Connect socket #780 to x.x.x.x, port 21...
220 ftp01.xxxxxxxxx.com X2 WS_FTP Server 5.0.5 (136235678)
234 SSL enabled and waiting for negotiation
TLSv1, cipher TLSv1/SSLv3 (DHE-RSA-AES128-SHA) - 128 bit
331 Password required
230 user logged in
Keep alive off...
257 "/users/xxxxxxx" is current directory
200 PRIVATE data channel protection level set
227 Entering Passive Mode (216,27,90,96,156,65).
Connect socket #856 to xxxxxxx, port 40001...
226 abort successful
If I try it Active it works fine!
Can anyone let me know what I have done wrong?
I do not have any fixups configured (not even for ftp), as this seems to break it completely.
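
Added example, not part of the original post: a Python check that decodes the 227 reply from the session log above and tests the advertised data port against the posted access-list lines, which matters here because the TLS-protected control channel leaves the static ACL as the only thing that can admit the passive data connection. The function names are hypothetical, and treating a range whose start exceeds its end as matching no port is an assumption of this example, not documented PIX behaviour.

```python
import re

# Constructed inputs: ACL lines and 227 reply copied from the post above.
ACL = """\
access-list outside_access_in permit tcp any host x.x.x.x eq ftp
access-list outside_access_in permit tcp any host x.x.x.x range 40000 5000
access-list outside_access_in permit tcp any host x.x.x.x eq https
"""
PASV_REPLY = "227 Entering Passive Mode (216,27,90,96,156,65)."
NAMED_PORTS = {"ftp": 21, "https": 443}  # only the port names used in the post


def parse_pasv(reply):
    """Decode a 227 reply (h1,h2,h3,h4,p1,p2): port = p1 * 256 + p2 (RFC 959)."""
    m = re.match(r"227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range 0-255")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def parse_acl(text):
    """Return (rules, warnings); rules are (low, high) TCP port spans."""
    rules, warnings = [], []
    for line in text.splitlines():
        m = re.search(r"permit tcp .* (eq|range) (\S+)(?: (\S+))?$", line.strip())
        if not m:
            continue
        op, first, second = m.groups()
        low = NAMED_PORTS.get(first) or int(first)
        high = low if op == "eq" else int(second)
        if low > high:
            # Assumption: an inverted range is treated as matching no port.
            warnings.append(f"inverted range {low}-{high}: {line.strip()}")
            continue
        rules.append((low, high))
    return rules, warnings


def check_passive_port(reply, acl_text):
    """Report whether the advertised passive data port is permitted by the ACL."""
    ip, port = parse_pasv(reply)
    rules, warnings = parse_acl(acl_text)
    allowed = any(low <= port <= high for low, high in rules)
    return {"ip": ip, "port": port, "allowed": allowed, "warnings": warnings}


if __name__ == "__main__":
    print(check_passive_port(PASV_REPLY, ACL))
```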