Can't Send Or Receive via FTP (Netscreen 5GT)

Status
Not open for further replies.

izatech

IS-IT--Management
Oct 27, 2005
11
CA
Hello,

I hope someone out there can help with this problem I'm having.

I have a Netscreen-5GT Device at a satellite location that is tunneled over the Internet to the head office Device that is a NetScreen-25.

To make matters a little more complicated I do not have access to the configuration of either of these devices because this has been outsourced to a third party that provided the above mentioned equipment. Radiant Communications is the company.

I've set up an FTP script on an XP Pro SRP2 box that is behind the 5GT device that is scheduled to run every night to upload files to an FTP server that is running at the head office behind the NS25 device.

The problem:
I cannot send (PUT) or receive (GET) any data through this tunnel. I get authenticated with no problems, but every time I try to transfer a file it will start, then right away stall/hang until a timeout occurs or I manually disconnect the session.

Tech support at Radiant has been no help since they just reply that the tunnel is there and running.

I've been searching the web and reading up on XP firewall issues. I've disabled the firewall. I've put exceptions for FTP in the firewall. None of which solved the problem.

Here is the kicker: I can FTP to any site that is outside of the tunnel. And I currently have it limping along this way, but I really need to have this FTP traffic going through the VPN tunnel. I am at my wits' end and I need help.

Regards.
izatech
 
You really should get Radiant to have someone troubleshoot the firewalls. Simple "debug flow basic" commands on both firewalls while you run your test would likely point to where the problem is. Without this data you really do not have much to go on. About the only thing you can do w/o access to the firewalls is run sniffers on your networks to determine if the traffic makes it to the firewalls and if at the other end the traffic egresses properly. If not then the problem is likely the firewall configs.
 
As long as the tunnel comes up and the policies are in place, you should be fine.

Don't rule out the FTP connection itself. Some FTP clients use ports that are WAY WAY up there, and sometimes other systems or firewalls don't like it. We had a situation very much like this one where FTP would be initiated on port 20 or 21 and then switch to port 63000+ or something for the data transfer. This was fine going across both our and our trading partner's firewalls, but the *software firewall* on our mainframe was kicking it out because it was too high. The end result was a successful login, and then an extended hang.

"I would rather have a free bottle in front of me, than a pre-frontal lobotomy..."

-Shrubble
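
An added example, not part of any post in this thread: FTP negotiates its data channel on the control connection, through a client `PORT` command (active mode) or a server `227` reply (passive mode), with the port encoded as `p1*256 + p2` (RFC 959). The sketch below decodes those lines from a constructed client transcript and checks each data port against an assumed firewall allow-list; `data_endpoint`, `check_session`, the addresses and the policy are illustrative assumptions.

```python
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959).
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

def data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or 227 reply, else None."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        mode = "active"    # server connects back to the client
    elif text.startswith("227"):
        mode = "passive"   # client connects out to the server
    else:
        return None
    m = _HOSTPORT.search(text[4:] if mode == "active" else text[3:])
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None        # not a valid byte, so not a real host-port
    return mode, ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def check_session(lines, allowed_ports):
    """List data-channel endpoints and whether the policy would pass them."""
    findings = []
    for line in lines:
        ep = data_endpoint(line)
        if ep:
            mode, ip, port = ep
            findings.append((mode, ip, port, port in allowed_ports))
    return findings

# Constructed control-channel transcript (addresses are made up).
SAMPLE = [
    "220 FTP server ready",
    "USER backup",
    "230 User logged in",
    "PASV",
    "227 Entering Passive Mode (10,1,1,20,246,24)",
    "PORT 192,168,5,10,19,137",
]
# Assumed policy: only the well-known FTP ports are permitted.
ALLOWED = range(20, 22)

if __name__ == "__main__":
    for mode, ip, port, ok in check_session(SAMPLE, ALLOWED):
        verdict = "allowed" if ok else "BLOCKED"
        print(f"{mode:7} data channel -> {ip}:{port} {verdict}")
```

A login that succeeds followed by a transfer that hangs is the pattern this produces when a device on the path permits port 21 but not the negotiated data port.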
 