[Last Call] Learn how to a build a cloud-first strategyRegister Now


Configure Cisco PIX 515e to allow ftp traffic

Posted on 2007-09-29
Medium Priority
Last Modified: 2012-06-27
I am having problems configuring a PIX 515e to allow ftp traffic to a Windows 2k3 Server.

The ftp box is at and I am able to ftp from inside but am having problems hitting it from outside.

The outside IP address I have for the ftp server is x.x.x.x

Attached is my config file. I don't know what I am missing.

Please advise:

PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4

: end
Question by:marduk666777666
  • 2
LVL 79

Accepted Solution

lrmoore earned 2000 total points
ID: 19985711
>PIX Version 6.3(3)
There are some bugs in this PIX OS version. Suggest saving the config that you have (it looks correct) and reboot the PIX.
If that doesn't work, check the default gateway of the FTP server.
Check access list hitcounters
  show access-list internet

Highly suggest upgrading to at least 6.3(5). You might even consider upgrading to 7.x or even 8.x. 8.0 has some really neat features and the ASDM GUI is out of this world...

FYI - your global default route makes all of your static routes to the same gateway superfulous and unnecessary. I believe in a clean uncluttered config and would get rid of them.
I would also suggest using a network object-group for your blocked hosts. It is easier to add/subtract individual hosts/subnets from the group than to add/subtract individual access-list entries, and your access-list stays a streamlined 2 lines long no matter how many blocked hosts.


Expert Comment

ID: 19985842
Possible solutions for you:
1) Remove fixup protocol ftp 21
2) Upgrade to the latest GD release of PIX IOS


Expert Comment

ID: 19988161
Please, go ahead and remove it immediately if it's a security concern.

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
In this article I will be showing you how to subnet the easiest way possible for IPv4 (Internet Protocol version 4). This article does not cover IPv6. Keep in mind that subnetting requires lots of practice and time.
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question