09-21-2007 09:02 PM - edited 03-11-2019 04:15 AM
Dear All,
I am setting up a test environment with the following configuration. Although I have created the ACL and also enable the Port re-direction, but I still not able to access the FTP server from the outside.
ASA Version 7.0(6)
!
hostname ACN-GW
domain-name anc.com
names
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 172.16.10.1 255.255.255.0
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.100.1 255.255.255.0
!
interface Ethernet0/2
nameif Student
security-level 50
ip address 192.168.101.1 255.255.255.0
!
nameif management
security-level 0
ip address 192.168.200.1 255.255.255.0
management-only
!
ftp mode passive
access-list acl_inbound extended permit tcp any host 172.16.10,1 eq ftp
access-list acl_inbound extended permit tcp any host 172.16.10.1 eq ftp-data
!
tcp-map map
!
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (Student) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 172.16.10.1 ftp 192.168.100.2 ftp netmask 255.255.255.255
static (inside,outside) tcp 172.16.10.1 ftp-data 192.168.100.2 ftp-data netmask 255.255.255.255
access-group acl_inbound in interface outside
route outside 0.0.0.0 0.0.0.0 172.16.10.2
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect ftp
!
service-policy global_policy global
: end
Kindly advise, did I miss out something from the configuration.
JC
09-22-2007 03:11 AM
instead of
access-list acl_inbound extended permit tcp any host 172.16.10,1 eq ftp
it should read
access-list acl_inbound extended permit tcp any any eq ftp
09-30-2007 06:14 AM
Hi JC,
I have exactly the same issue as you. I also start a conversation: http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddff247
I don't have the answer rigth now. Do you find how to make it work?
Thanks
Ben
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: