ASA with MPF to control ftp speed

Rodrigo Gurriti · ‎04-28-2007

I got an ASA5505 to manage a small office and I'm having problems with the ftp/VPN/remote desktop

Users from the the SOHO vpn to the Central Office to do basic taks and some times the Central Office people do remote desktop to the SOHO.

The problem that I have is that an FTP site on the SOHO is consuming all bandwith from the dsl.

How do I implement an MPF on my ASA5505 to keep the traffic from my ftp server around 18k/s ? Since the ftp opens a random port for transfer ?

Thank you !!!

Rodrigo Gurriti · ‎04-29-2007

Well since no one could figure that out I did :)

Just for the record here is how its done

Go to the ftp program and specify the passive ftp port numbers.

Then create static entries for the ports used (active mode port 20) ( passive mode port selected by the you on the ftp program)

then you do an access list with the source of

your FTP server and the passive ports and active port (20)

use that on your class-map

them use the class-map on your police map

then use it on your service map

I got kind confused about the directions on the access list (because on the data transfer the ftp server is always the source) but http://slacksite.com/other/ftp.html helped me out to know that the ftp server passive or active when transferring the data is always the source