Solved

Cisco ASA 5505 firewall - how to open ports for FTP client?

Posted on 2012-03-19
5
1,258 Views
Last Modified: 2012-04-18
For years, I used XP Pro and the command line to send files to an FTP server. Recently, I changed to Windows 7 Pro and also introduced a Cisco ASA 5505 firewall appliance- both on the client side.  Now it fails, and I don't know which change is causing the problem (O/S? or firewall?).

Nothing has changed on the server end.

On the client end, the results are the same with Windows Firewall disabled.

From the Win7 command line, I can connect, but all attempts to send will end with "Connection closed by remote host." This is true using PASV mode, too.

If I use Filezilla GUI on the same PC, I can connect and send files.

On a different PC, a Win7 PC at my house, with no ASA, I can successfully connect AND send. This makes me suspect the ASA, rather than Windows.

However, the fact that Filezilla works (with the ASA in place) tends to suggest that the open ports on the ASA are NOT the problem.

http://www.mdjnet.dk/ftp.html - shows that FTP client needs 2-way data flow.  (refer to case#3 and case#4 if interested)

How can Filezilla succeed while command line FTP fails on the same PC, behind the same firewall? Is the Windows command line FTP using different ports than Filezilla client?

Is it just a matter of opening port 20 and 21 to everything outside and everything inside? What's the syntax for that on the ASA?

Thanks for reading.
0
Comment
Question by:oakie22
  • 2
5 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 37740437
0
 

Author Comment

by:oakie22
ID: 37748343
I don't know if I have the right settings in my firewall.

How can FileZilla be working if the required ports are not open?
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 37748492
Filezilla supports both active and passive data transfers.

The MS supplied command line ftp only support active data transfers.

It's possible you have eveything setup to support passive, but not active.

For active you need to allow inbound traffic to any high port, with a source port of 20.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
While working, an annoying popup showing below will come and we cannot cancel or close it form the screen. The error message will come again and again.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now