Cisco Bug: CSCta20975 - ftp inspection does not understand 50x replies from ftp server
Feb 01, 2017
- Cisco ACE 4700 Series Application Control Engine Appliances
Known Affected Releases
Symptom: The FTP data channel failed to be established. The FTP client gets a RST from the ACE. This happens because the FTP client sends an EPRT |1|18.104.22.168|44751| command, to which the FTP server replies with an error, i.e. 501 EPRT: Operation not permitted. The FTP client understands the 501 error and tries again with the PORT 141,38,30,212,174,207 command. At this point, the ACE closes the connection with a RST packet.

NOTE: This is seen both in ACE module A2(1.5) and appliance A3(2.2).

Conditions: The FTP client tries the EPRT command, the FTP server does not accept it (i.e. 501 or 500 error), and the FTP client then tries the PORT command for the same purpose.
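The exchange above, replayed through a small control-channel tracker that tolerates the refused EPRT. This is an added example, not Cisco ACE code: the function names are hypothetical and the final 200 reply in the sample transcript is constructed. The PORT argument 174,207 decodes to 174*256+207 = 44751, the same port the EPRT announced.

```python
# Added illustration: FTP inspection state that survives EPRT -> 50x -> PORT.

def parse_data_cmd(line):
    """Return (ip, port) for a PORT (RFC 959) or EPRT (RFC 2428) command, else None."""
    verb, _, arg = line.strip().partition(" ")
    verb = verb.upper()
    if verb == "EPRT" and len(arg) >= 2:
        parts = arg.split(arg[0])              # first character is the delimiter
        if len(parts) == 5 and parts[2] and parts[3].isdigit():
            port = int(parts[3])
            if 0 < port < 65536:
                return parts[2], port
    elif verb == "PORT":
        nums = arg.split(",")
        if len(nums) == 6 and all(n.isdigit() and int(n) < 256 for n in nums):
            return ".".join(nums[:4]), int(nums[4]) * 256 + int(nums[5])
    return None


def allowed_data_endpoints(transcript):
    """Replay (direction, line) pairs and return the endpoints the server accepted.

    A 4xx/5xx reply only discards the pending endpoint; the control session
    stays open so the client's fallback command is evaluated on its own.
    """
    pending, allowed = None, []
    for direction, line in transcript:
        if direction == "C":
            endpoint = parse_data_cmd(line)
            if endpoint:
                pending = endpoint             # newest announcement wins
        elif pending and line[:3].isdigit() and line[3:4] != "-":
            if line[0] == "2":
                allowed.append(pending)        # server accepted: permit data channel
            if line[0] in "245":
                pending = None                 # final reply: request is resolved
    return allowed


# Commands taken from the bug text; the last server line is constructed.
SAMPLE = [
    ("C", "EPRT |1|18.104.22.168|44751|"),
    ("S", "501 EPRT: Operation not permitted"),
    ("C", "PORT 141,38,30,212,174,207"),
    ("S", "200 PORT command successful"),
]

if __name__ == "__main__":
    print(allowed_data_endpoints(SAMPLE))
```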