Could not Access the FTP server from the outside interface (ASA 5510)

Unanswered Question
Sep 21st, 2007

Dear All,

I am setting up a test environment with the following configuration. Although I have created the ACL and also enabled the port redirection, I am still not able to access the FTP server from the outside.

ASA Version 7.0(6)
!
hostname ACN-GW
domain-name anc.com
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 172.16.10.1 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.100.1 255.255.255.0
!
interface Ethernet0/2
 nameif Student
 security-level 50
 ip address 192.168.101.1 255.255.255.0
!
 nameif management
 security-level 0
 ip address 192.168.200.1 255.255.255.0
 management-only
!
ftp mode passive
access-list acl_inbound extended permit tcp any host 172.16.10,1 eq ftp
access-list acl_inbound extended permit tcp any host 172.16.10.1 eq ftp-data
!
tcp-map map
!
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (Student) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 172.16.10.1 ftp 192.168.100.2 ftp netmask 255.255.255.255
static (inside,outside) tcp 172.16.10.1 ftp-data 192.168.100.2 ftp-data netmask 255.255.255.255
access-group acl_inbound in interface outside
route outside 0.0.0.0 0.0.0.0 172.16.10.2
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect ftp
!
service-policy global_policy global
: end

Kindly advise: did I miss something in the configuration?

JC

froggy3132000 Sat, 09/22/2007 - 03:11

instead of

access-list acl_inbound extended permit tcp any host 172.16.10,1 eq ftp

it should read

access-list acl_inbound extended permit tcp any any eq ftp
