Cisco Bug: CSCta20975 - ftp inspection does not understand 50x replies from ftp server

Last Modified

Feb 01, 2017

Products (1)

  • Cisco ACE 4700 Series Application Control Engine Appliances

Known Affected Releases


Description (partial)


The FTP data channel failed to be established.
The FTP client gets a RST from the ACE.

This happens because the FTP client sends an
EPRT |1||44751|
to which the FTP server replies with an error, i.e.
501 EPRT: Operation not permitted

The FTP client understands the 501 error and tries again with the
PORT 141,38,30,212,174,207
command. At this point, the ACE closes the connection with a RST packet.

This is seen both in ACE module A2(1.5) and appliance A3(2.2).


The FTP client tries the EPRT command, the FTP server does not accept it (i.e. it returns a 501 or 500 error), and the FTP client then tries the PORT command for the same purpose.
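
An added example (not Cisco's code and not part of the original bug report) of how a control-channel tracker can handle this exchange: a 5xx reply cancels only the pending EPRT request, and the PORT that follows is parsed as a fresh request. The function names, the final 200 reply in the sample, and the use of the control-connection peer address for the empty EPRT address field are assumptions.

```python
import re

def parse_port(arg):
    """RFC 959 PORT argument h1,h2,h3,h4,p1,p2 -> (ip, port)."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("malformed PORT argument: %r" % arg)
    n = [int(p) for p in parts]
    return "%d.%d.%d.%d" % tuple(n[:4]), n[4] * 256 + n[5]

def parse_eprt(arg):
    """RFC 2428 EPRT argument <d>proto<d>addr<d>port<d> -> (proto, addr, port)."""
    arg = arg.strip()
    fields = arg[1:-1].split(arg[0]) if len(arg) >= 5 and arg[0] == arg[-1] else []
    if len(fields) != 3 or not fields[0].isdigit() or not fields[2].isdigit():
        raise ValueError("malformed EPRT argument: %r" % arg)
    port = int(fields[2])
    if not 0 < port < 65536:
        raise ValueError("EPRT port out of range: %d" % port)
    return int(fields[0]), fields[1], port

def allowed_data_endpoints(transcript, client_ip):
    """Return the (ip, port) data endpoints the server accepted, in order.

    A 4xx/5xx reply only cancels the pending request; the control session
    stays tracked, so a later PORT fallback is handled like any other request.
    """
    pending, allowed = None, []
    for side, line in transcript:
        if side == "C":
            verb, _, arg = line.partition(" ")
            if verb.upper() == "EPRT":
                _, addr, port = parse_eprt(arg)
                pending = (addr or client_ip, port)  # assumption: empty addr = control peer
            elif verb.upper() == "PORT":
                pending = parse_port(arg)
            else:
                pending = None  # any other command supersedes the request
        elif pending and re.match(r"\d{3} ", line):  # final reply, not "NNN-" continuation
            if line.startswith("2"):
                allowed.append(pending)
            pending = None
    return allowed

# Constructed transcript: the first three lines are the exchange quoted in the
# description; the final "200" reply is an assumed successful server answer.
SAMPLE = [("C", "EPRT |1||44751|"), ("S", "501 EPRT: Operation not permitted"),
          ("C", "PORT 141,38,30,212,174,207"), ("S", "200 PORT command successful")]

if __name__ == "__main__":
    print(allowed_data_endpoints(SAMPLE, "141.38.30.212"))
```

The PORT argument from the description decodes to port 174*256+207 = 44751, the same port the client first offered in EPRT.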