• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1387
  • Last Modified:

Cisco ASA 5505 firewall - how to open ports for FTP client?

For years, I used XP Pro and the command line to send files to an FTP server. Recently, I changed to Windows 7 Pro and also introduced a Cisco ASA 5505 firewall appliance- both on the client side.  Now it fails, and I don't know which change is causing the problem (O/S? or firewall?).

Nothing has changed on the server end.

On the client end, the results are the same with Windows Firewall disabled.

From the Win7 command line, I can connect, but all attempts to send will end with "Connection closed by remote host." This is true using PASV mode, too.

If I use Filezilla GUI on the same PC, I can connect and send files.

On a different PC, a Win7 PC at my house, with no ASA, I can successfully connect AND send. This makes me suspect the ASA, rather than Windows.

However, the fact that Filezilla works (with the ASA in place) tends to suggest that the open ports on the ASA are NOT the problem.

http://www.mdjnet.dk/ftp.html - shows that FTP client needs 2-way data flow.  (refer to case#3 and case#4 if interested)

How can Filezilla succeed while command line FTP fails on the same PC, behind the same firewall? Is the Windows command line FTP using different ports than Filezilla client?

Is it just a matter of opening port 20 and 21 to everything outside and everything inside? What's the syntax for that on the ASA?

Thanks for reading.
0
oakie22
Asked:
oakie22
  • 2
1 Solution
 
giltjrCommented:
0
 
oakie22Author Commented:
I don't know if I have the right settings in my firewall.

How can FileZilla be working if the required ports are not open?
0
 
giltjrCommented:
Filezilla supports both active and passive data transfers.

The MS supplied command line ftp only support active data transfers.

It's possible you have eveything setup to support passive, but not active.

For active you need to allow inbound traffic to any high port, with a source port of 20.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now