setting up sftp cisco pix515e

[dalew430]

I need to be able to ftp files from a directory on my server to an scftp site. We're using CoreFtp to do this and when I try to connect I get the following error:
SFTP connection error - Connection timed out
Can't establish connection --> scftp.xxxxxx.com:22

 

[Supergrrover]

Do you have ftp inspection on?
The asa/pix won't allow secure ftp because it can't inspect the traffic. Also, is it active or passive?


Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[dalew430]

What is ftp inspection? I did some research on Cisco's website and it says that the PIX doesn't support sftp. The workaround might be to acquire an ftp client that supports clear data channel. I'm not sure what you mean by active or passive. I'm very new to cisco routers. Thanks.

 

[Supergrrover]

the pix inspects traffic flowing through its interfaces. It knows certain protocols (ftp, www, https, smtp, ftp, etc.) it knows how those should behave and blocks unwanted behavior.

for 6.x its called "fixup"

read up on how ftp negotiates the data port from the command port. a quick google will explain it.


Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[dalew430]

We figured out ... thanks to all of you who responded. This is the best forum.