Not able to access FTP site behind PIX firewall

Posted on 2008-10-30
Last Modified: 2013-12-02
I published one FTP in IIS and it is working fine locally. If I try to access from out side, i am getting error " permission problem"  I installed filezilla FTP client and I got the below error:
Status:      Connecting to
Status:      Connection established, waiting for welcome message...
Response:      220 Microsoft FTP Service
Command:      USER anonymous
Response:      331 Anonymous access allowed, send identity (e-mail name) as password.
Command:      PASS **************
Response:      230 Anonymous user logged in.
Command:      SYST
Response:      215 Windows_NT
Command:      FEAT
Response:      211-FEAT
Response:          SIZE
Response:          MDTM
Response:      211 END
Status:      Connected
Status:      Retrieving directory listing...
Command:      PWD
Response:      257 "/" is current directory.
Command:      TYPE I
Response:      200 Type set to I.
Command:      PASV
Response:      227 Entering Passive Mode (192,168,1,9,5,5).
Status:      Server sent passive reply with unroutable address. Using server address instead.
Command:      LIST
Response:      425 Can't open data connection.
Error:      Failed to retrieve directory listing
I already forwarded ports 21 and 20 in pix to local FTP server.
What extra settings I need to access the FTP from outside through IE or Windows Explorer.

Question by:osigrp

Expert Comment

Comment Utility
Ftp uses more ports then 20 and 21, in your case i guess you need to forward port 1023 also.
You can also look at your pix log, to see why the connection is dropped.
see this article for more information on port use of FTP

Author Comment

Comment Utility
But How I can see the pix log?? any commands?

Accepted Solution

bml104 earned 500 total points
Comment Utility
assuming you have not internal access-list

fixup protocol ftp

Expert Comment

Comment Utility
Thanks. "fixup protocol ftp" worked for me.

Featured Post

Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

Join & Write a Comment

When I upgraded my ASA 8.2 to 8.3, I realized that my nonat statement was failing!   The log showed the following error:     %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows It was caused by the config upgrade, because t…
Introduction People like FTP.  It's a solid, stable, robust protocol for quickly transferring files between two hosts using TCP/IP.  In most cases it's much faster than SMB or CIFS, and certainly much easier to set up between organizations.  This…
Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now