On Mon, Jan 26 2004 9:20 pm, user "Didier" posted the following message.....
No replies were posted to this message. Having just struggled and subsequently solved this problem at our site, I thought it worthwhile sharing the solution here. :)
The config for the FTP server in our DMZ contained an option (no_anon_password) to prevent the server from asking for a password when the anonymous user logs on. (i.e. the anonymous user will log straight in.)
However, the Cisco Firewall IOS relies on the fact that a password is provided by the client in order to satisfy its "ip inspect" rule for ftp. As far as the Cisco firewall is concerned, the FTP session *must* be password authenticated with the FTP server before further packets can be exchanged.
Therefore, ensure that the FTP (vsftpd) server config contains "no_anon_password=no" to overcome this problem.