cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
415
Views
0
Helpful
4
Replies

Need Help to get WAN access

mikntwd49508
Level 1
Level 1

Iinstalled FTP server today. Cannot access FTP from WAN.

# Here is what commands I did on router.

1) ip nat inside source static 10.1.0.10 21x.x.x.x (<-- X I hid vlaues for x)

2) ip access-list extended outside permit tcp any host 21x.x.x.37 eq ftp

3) ip access-list extended outside permit tcp any host 21x.x.x.37 eq ftp-data

# Here is what the router looks like: show RUN command

ip acccess-list extended Outside

permit tcp any host 21x.x.x.x eq ftp

permit tcp any host 21x.x.x.x eq ftp-data

# Here is my ACCESS-LISTS: show access-lists

Extended IP access list 145

10 permit tcp 216.0.0.0 0.255.255.255 any eq 22

Extended IP access list 170

10 permit tcp any host 21x.x.x.34 eq 587

Extended IP access list NAT

10 deny ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255

20 deny ip 10.0.0.0 0.255.255.255 192.168.2.0 0.0.0.255 (12522210 matches)

30 permit ip 10.0.0.0 0.255.255.255 any (2978031 matches)

Extended IP access list Outside

10 permit tcp 63.146.60.0 0.0.0.255 any eq 22

20 permit tcp host 64.141.139.190 any eq 22

25 permit tcp any host 21x.x.x.37 eq ftp

26 permit tcp any host 21x.x.x.37 eq ftp-data

30 permit tcp any host 21x.x.x.35 eq www

40 permit tcp any host 21x.x.x.35 eq 443

50 permit tcp any host 21x.x.x.36 eq www

60 permit tcp any host 21x.x.x.36 eq 443

65 permit tcp any host 21x.x.x.34 eq 995

70 permit tcp any host 21x.x.x.34 eq smtp

75 permit tcp any host 21x.x.x.34 eq 587

80 permit tcp any host 21x.x.x.34 eq www

90 permit tcp any host 21x.x.x.34 eq 443

110 permit icmp any any echo-reply

120 permit esp any any

130 permit udp any any eq isakmp

140 permit udp any any eq non500-isakmp

150 deny ip any any log

Extended IP access list Policy-NAT

10 permit ip host 10.1.0.11 192.168.2.0 0.0.0.255 (5378531 matches)

Extended IP access list Split

10 permit ip 10.0.0.0 0.255.255.255 any

20 permit ip 192.168.1.0 0.0.0.255 any

Extended IP access list nat

Extended IP access list outside

Extended IP access list policy-nat

10 permit ip host 10.1.0.11 192.0.0.0 0.255.255.255

Extended IP access list unlock

10 permit ip any any (6489 matches)

20 permit gre any any

30 permit esp any any

40 permit ahp any any

50 permit icmp any any

4 Replies 4

jdevoll
Level 1
Level 1

Can you post a simple network diagram showing the relationship between your WAN, this router and the FTP server?

Can you post a 'show run int ' for all of the relevant interfaces on this router?

!

interface FastEthernet0/1.200

description INET

encapsulation dot1Q 200

ip address 216.x.x.33 255.255.255.248

no snmp trap link-status

Sorry, I just don't see enough information to be able to tell what is going on.

Can you post and a simple diagram demonstrating the relationship between the router in question, the FTP server, and the WAN would be very helpful. If you could include the interface designators in your diagram for the router in question that would help a lot to. (ergo, is the FTP server on the other side of S0/0, is the WAN side of the router G0/1/0 )

You need to specify which interface is outside and which is inside with "ip nat outside" and "ip nat inside" commands.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: