A great troubleshooting tool in this situation would be a packet grabber such as EtherPeek. Capture traffic at the client location and at the outside of the PIX. Compare what is happening to what is expected. Without that information we can just guess.
Let's try to break the problem into smaller pieces. Can your inside users connect to any outside ftp site? For example (assuming that you have a Cisco Service Contract) can you download an IOS image? If so, the PIX is doing its job. Look to the client or server. Can your users ftp from another server? Does the problem occur with certain client software or certain users? For an understanding of FTP check the GroupStudy archives for posts by PriscillaO. Within the last several months she has posted very clear explanations several times. Other sources are http://war.jgaa.com/ftp The FTP Protocol Resource Center. Good links. http://cr.yp.to/ftp.html Your symptoms sound more like a client using active mode FTP. When the client goes to LIST the server tries to open a connection on port 20 which the firewall refuses. You might also want to look on CCO for two articles. "Poor or Intermittent FTP/HTTP Performance Through a PIX" and "PIX Performance Issues Caused by IDENT Protocol". I don't have a URL for them. > -----Original Message----- > From: Simer Mayo [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 08, 2002 6:18 PM > To: [EMAIL PROTECTED] > Subject: Passive FTP [7:48357] > > > The users are on the inside interface behind the PIX firewall > and are trying > to make an pftp connection to the outside world. They are > being authenticated > from the outside server but then the section hangs trying to do a list > command. The fixup protocol port 21 is enable on PIX and > there is no explicit > outbound restriction from the inside interface. The outside > server is using > port range 40000-40020 for passive FTP. I tried enabling this > range on the > fixup protocol too but it didn't work. > > Please advice > > Thanks much > > SM Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48364&t=48357 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
