oakie22
asked on
Cisco ASA 5505 firewall - how to open ports for FTP client?
For years, I used XP Pro and the command line to send files to an FTP server. Recently, I changed to Windows 7 Pro and also introduced a Cisco ASA 5505 firewall appliance- both on the client side. Now it fails, and I don't know which change is causing the problem (O/S? or firewall?).
Nothing has changed on the server end.
On the client end, the results are the same with Windows Firewall disabled.
From the Win7 command line, I can connect, but all attempts to send will end with "Connection closed by remote host." This is true using PASV mode, too.
If I use Filezilla GUI on the same PC, I can connect and send files.
On a different PC, a Win7 PC at my house, with no ASA, I can successfully connect AND send. This makes me suspect the ASA, rather than Windows.
However, the fact that Filezilla works (with the ASA in place) tends to suggest that the open ports on the ASA are NOT the problem.
http://www.mdjnet.dk/ftp.html - shows that FTP client needs 2-way data flow. (refer to case#3 and case#4 if interested)
How can Filezilla succeed while command line FTP fails on the same PC, behind the same firewall? Is the Windows command line FTP using different ports than Filezilla client?
Is it just a matter of opening port 20 and 21 to everything outside and everything inside? What's the syntax for that on the ASA?
Thanks for reading.
Nothing has changed on the server end.
On the client end, the results are the same with Windows Firewall disabled.
From the Win7 command line, I can connect, but all attempts to send will end with "Connection closed by remote host." This is true using PASV mode, too.
If I use Filezilla GUI on the same PC, I can connect and send files.
On a different PC, a Win7 PC at my house, with no ASA, I can successfully connect AND send. This makes me suspect the ASA, rather than Windows.
However, the fact that Filezilla works (with the ASA in place) tends to suggest that the open ports on the ASA are NOT the problem.
http://www.mdjnet.dk/ftp.html - shows that FTP client needs 2-way data flow. (refer to case#3 and case#4 if interested)
How can Filezilla succeed while command line FTP fails on the same PC, behind the same firewall? Is the Windows command line FTP using different ports than Filezilla client?
Is it just a matter of opening port 20 and 21 to everything outside and everything inside? What's the syntax for that on the ASA?
Thanks for reading.
ASKER
I don't know if I have the right settings in my firewall.
How can FileZilla be working if the required ports are not open?
How can FileZilla be working if the required ports are not open?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807ee585.shtml