07-04-2007 12:03 PM - edited 02-21-2020 01:35 AM
I can't figure out why outbound ftp is not working. Could anyone help?
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service ExchangeOWA tcp
description Exchange Web and Mobile Access
port-object eq smtp
access-list inside_nat0_outbound extended permit ip any 192.168.100.0 255.255.255.192
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 192.168.123.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.222.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.111.0 255.255.255.0
access-list dzm extended permit ip any any
access-list dzm extended permit icmp any any
access-list ouside extended permit ip any any
access-list cont_in extended permit ip host 66.66.66.135 any
access-list outside extended permit tcp any host 66.66.66.133 object-group ExchangeOWA
access-list outside extended permit tcp any host 66.66.66.137 eq pptp
access-list outside extended permit gre any host 66.66.66.137
access-list outside extended permit icmp any any echo-reply
access-list outside_cryptomap_20 extended permit ip 192.168.0.0 255.255.0.0 192.168.123.0 255.255.255.0
access-list Split_tunnel_ACL standard permit 192.168.0.0 255.255.0.0
access-list outside_cryptomap_80 extended permit ip 192.168.1.0 255.255.255.0 192.168.111.0 255.255.255.0
access-list outside_cryptomap_60 extended permit ip 192.168.1.0 255.255.255.0 192.168.222.0 255.255.255.0
access-list inside extended permit tcp any host 66.201.66.66 eq pptp
access-list inside extended deny tcp any any eq pptp
access-list inside extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool CCCC-pool 192.168.100.1-192.168.100.50 mask 255.255.255.0
icmp permit any outside
icmp permit any inside
nat-control
global (outside) 10 interface
global (inside) 200 192.168.0.0 netmask 255.255.0.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 10 0.0.0.0 0.0.0.0
static (inside,outside) tcp 66.66.66.133 smtp 192.168.1.16 smtp netmask 255.255.255.255
static (inside,outside) tcp 66.66.66.133 www 192.168.1.16 www netmask 255.255.255.255
static (inside,outside) tcp 66.66.66.133 https 192.168.1.16 https netmask 255.255.255.255
static (inside,outside) 66.66.66.134 172.30.1.50 netmask 255.255.255.255
static (inside,outside) 66.66.66.137 192.168.1.10 netmask 255.255.255.255
access-group outside in interface outside
access-group inside in interface inside
route outside 0.0.0.0 0.0.0.0 66.66.66.129 1
route inside 192.168.1.0 255.255.255.0 192.168.10.2 1
route inside 172.30.1.0 255.255.255.0 192.168.10.2 1
route inside 172.20.20.0 255.255.255.0 192.168.10.2 1
route inside 192.168.101.0 255.255.255.0 192.168.10.2 1
route inside 192.168.102.0 255.255.255.0 192.168.10.2 1
route inside 192.168.103.0 255.255.255.0 192.168.10.2 1
route inside 192.168.106.0 255.255.255.0 192.168.10.2 1
route inside 192.168.6.0 255.255.255.0 192.168.10.2 1
route inside 192.168.3.0 255.255.255.0 192.168.10.2 1
route inside 192.168.2.0 255.255.255.0 192.168.10.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
port-forward sf 1222 192.168.1.1 243
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 30
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 10
console timeout 0
management-access inside
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map global-class
match any
!
policy-map global-policy
class global-class
csc fail-open
inspect pptp
class class-default
csc fail-close
07-04-2007 11:50 PM
Hi
Could you send full config and the source address you are ftp'ing from and the destination address.
Jon
07-05-2007 01:48 AM
07-05-2007 01:51 AM
the destinations could be ftp.microsoft.com or ftp.cuteftp.com
source could be 192.168.1.199
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide