Cisco Bug: CSCvt26067 - Active FTP fails when secondary interface is used on FTD

Last Modified

Sep 17, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.12(3.215)

Description (partial)

Symptom:
The FTP client is able to connect to the FTP server but is unable to list the directory on the FTP server.

Conditions:
- FTD in a dual-ISP scenario, with a preferred default route and a floating default route configured as in the following example:

route outside 0.0.0.0 0.0.0.0 <ISP1> 10
route backup 0.0.0.0 0.0.0.0 <ISP2> 100

- FTP Server on inside interface (or any internal network). 
- Active FTP mode transfer.
- Client reaching the FTD on the backup interface
- FTP Server NATed on the backup interface, example:

object network FTP-Server-Real
 host 192.168.10.20 << Example IP
 nat (inside,backup) static FTP-Server-Mapped service tcp ftp ftp

object network FTP-Server-Mapped
 host <IP_on_same_broadcast_domain_as_backup>