Solved

Cisco ASA 5505 firewall - how to open ports for FTP client?

Posted on 2012-03-19
5
1,277 Views
Last Modified: 2012-04-18
For years, I used XP Pro and the command line to send files to an FTP server. Recently, I changed to Windows 7 Pro and also introduced a Cisco ASA 5505 firewall appliance- both on the client side.  Now it fails, and I don't know which change is causing the problem (O/S? or firewall?).

Nothing has changed on the server end.

On the client end, the results are the same with Windows Firewall disabled.

From the Win7 command line, I can connect, but all attempts to send will end with "Connection closed by remote host." This is true using PASV mode, too.

If I use Filezilla GUI on the same PC, I can connect and send files.

On a different PC, a Win7 PC at my house, with no ASA, I can successfully connect AND send. This makes me suspect the ASA, rather than Windows.

However, the fact that Filezilla works (with the ASA in place) tends to suggest that the open ports on the ASA are NOT the problem.

http://www.mdjnet.dk/ftp.html - shows that FTP client needs 2-way data flow.  (refer to case#3 and case#4 if interested)

How can Filezilla succeed while command line FTP fails on the same PC, behind the same firewall? Is the Windows command line FTP using different ports than Filezilla client?

Is it just a matter of opening port 20 and 21 to everything outside and everything inside? What's the syntax for that on the ASA?

Thanks for reading.
0
Comment
Question by:oakie22
  • 2
5 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 37740437
0
 

Author Comment

by:oakie22
ID: 37748343
I don't know if I have the right settings in my firewall.

How can FileZilla be working if the required ports are not open?
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 37748492
Filezilla supports both active and passive data transfers.

The MS supplied command line ftp only support active data transfers.

It's possible you have eveything setup to support passive, but not active.

For active you need to allow inbound traffic to any high port, with a source port of 20.
0

Featured Post

Register Today - IoT Current and Future Threats

Are you prepared to protect your organization from current and future IoT Threats?  Join our Wi-Fi expert in episode three of our webinar series for a look at the current state of Wi-Fi IoT and what may lie ahead. Register for our live webinar on April 20th at 9 am PDT!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VLAN Issue 4 67
Can't access router with user and pass 10 74
VPN Server Configuration in windows 7 7 36
Certifications 8 36
OfficeMate Freezes on login or does not load after login credentials are input.
When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question