Problems with active FTP over Cisco Routers

Posted on 2010-01-06
Last Modified: 2013-11-12
Here is my setup.

My company connects to a vendor via MPLS over Cisco 1800 series routers.  We are having problems when we try and do active FTP to our vendors server.  We get packet retransmits.  The packets do not go through a firewall on our side only the router to get out but my vendor does have a firewall on his side.

My understanding is that this type of retransmit can occur if there is a firewall between you and the FTP server that does not have a inspect statement in place.  

What I am trying to do is rule out any issue on our side.  My thoughts are our routers are just forwarding the traffic.  There is no firewall on these routers so I can't see were there would be an active/passive issue until we get to the vendors fiirewall.  Am I missing something?

I have done a packet sniff in active an passive modes and it shows retransmits in active mode but not passive so I know it's not a media problem such as bad cable etc..  My problem is I can't see where this is happening but I suspect at their firewall.

Any help would be GREATLY apprecaited.
Question by:pclark6127
    1 Comment
    LVL 9

    Accepted Solution

    There is no firewall on your side, but is there any NAT? If there is no NAT on your side, then as you said, you are simply switching packets and it is very likely on their end.

    One other thing to check is for a software firewall on the FTP server machine. But I don't think even that would cause this issue.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
    I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
    Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now