Not able to access FTP site behind PIX firewall

Posted on 2008-10-30
Last Modified: 2013-12-02
I published one FTP in IIS and it is working fine locally. If I try to access from out side, i am getting error " permission problem"  I installed filezilla FTP client and I got the below error:
Status:      Connecting to
Status:      Connection established, waiting for welcome message...
Response:      220 Microsoft FTP Service
Command:      USER anonymous
Response:      331 Anonymous access allowed, send identity (e-mail name) as password.
Command:      PASS **************
Response:      230 Anonymous user logged in.
Command:      SYST
Response:      215 Windows_NT
Command:      FEAT
Response:      211-FEAT
Response:          SIZE
Response:          MDTM
Response:      211 END
Status:      Connected
Status:      Retrieving directory listing...
Command:      PWD
Response:      257 "/" is current directory.
Command:      TYPE I
Response:      200 Type set to I.
Command:      PASV
Response:      227 Entering Passive Mode (192,168,1,9,5,5).
Status:      Server sent passive reply with unroutable address. Using server address instead.
Command:      LIST
Response:      425 Can't open data connection.
Error:      Failed to retrieve directory listing
I already forwarded ports 21 and 20 in pix to local FTP server.
What extra settings I need to access the FTP from outside through IE or Windows Explorer.

Question by:osigrp
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 22839146
Ftp uses more ports then 20 and 21, in your case i guess you need to forward port 1023 also.
You can also look at your pix log, to see why the connection is dropped.
see this article for more information on port use of FTP

Author Comment

ID: 22839268
But How I can see the pix log?? any commands?

Accepted Solution

bml104 earned 500 total points
ID: 22840328
assuming you have not internal access-list

fixup protocol ftp

Expert Comment

ID: 24807653
Thanks. "fixup protocol ftp" worked for me.

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Licensing for Wi Fi 4 79
Cisco AnyConnect VPN 4 42
Cisco ASA 5510 Question 3 45
DHCP for a new, 2nd subnet 12 61
If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Determining the an SCCM package name from the Package ID
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question