[c-nsp] ASA vs ISR ZBFW
Gert Doering
gert at greenie.muc.de
Fri Sep 9 12:26:34 EDT 2011
Hi,
On Fri, Sep 09, 2011 at 11:33:37AM -0400, Matthew Huff wrote:
> > Just last week I had a customer call due to weird issues with "passive
> > FTP is not working right"... but indeed that might have been an older
> > firmware release.
>
> Hmm, would it happen to have including a NetBSD or OpenBSD box?
> There have been some issues with some of the new FTP verbs (especially
> EPSV). Some ftp clients use the new EPSV verb without failing back
> correctly to PASV even over ipv4 connections (RFC2428). I've run
> into this a few times especially with older cisco load balancers.
Most likely it was one of those pesky clients using a FTP command that
has been standardized about 13 years ago...
(And when client and server supports it, how should the client know that
there is a middleware device in between that fails to follow 13-year-old
RFCs, and might cause breakage, and it might be necessary to fall back to
old-style commands? It's not like there was any indication of the problem,
the PIX just failed to properly open the data port...)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20110909/8ed65eb7/attachment.pgp>
More information about the cisco-nsp
mailing list