09-21-2007 09:02 PM - edited 03-11-2019 04:15 AM
Dear All,
I am setting up a test environment with the following configuration. Although I have created the ACL and also enabled port redirection, I am still not able to access the FTP server from the outside.
ASA Version 7.0(6)
!
hostname ACN-GW
domain-name anc.com
names
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 172.16.10.1 255.255.255.0
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.100.1 255.255.255.0
!
interface Ethernet0/2
nameif Student
security-level 50
ip address 192.168.101.1 255.255.255.0
!
nameif management
security-level 0
ip address 192.168.200.1 255.255.255.0
management-only
!
ftp mode passive
access-list acl_inbound extended permit tcp any host 172.16.10,1 eq ftp
access-list acl_inbound extended permit tcp any host 172.16.10.1 eq ftp-data
!
tcp-map map
!
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (Student) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 172.16.10.1 ftp 192.168.100.2 ftp netmask 255.255.255.255
static (inside,outside) tcp 172.16.10.1 ftp-data 192.168.100.2 ftp-data netmask 255.255.255.255
access-group acl_inbound in interface outside
route outside 0.0.0.0 0.0.0.0 172.16.10.2
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect ftp
!
service-policy global_policy global
: end
Kindly advise: did I miss something in the configuration?
JC
09-22-2007 03:11 AM
instead of
access-list acl_inbound extended permit tcp any host 172.16.10,1 eq ftp
it should read
access-list acl_inbound extended permit tcp any any eq ftp
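Added example, not part of the original posts: a small Python check over the access-list and static lines from the question. It flags address tokens that are not valid IPv4 and static port redirections that no permit entry covers. It assumes the pre-8.3 behaviour in which the outside ACL matches the mapped address; the function names and the simplified line grammar are hypothetical.

```python
import ipaddress
import re

# Sample input: the access-list and static lines as posted in the question.
CONFIG = """\
access-list acl_inbound extended permit tcp any host 172.16.10,1 eq ftp
access-list acl_inbound extended permit tcp any host 172.16.10.1 eq ftp-data
static (inside,outside) tcp 172.16.10.1 ftp 192.168.100.2 ftp netmask 255.255.255.255
static (inside,outside) tcp 172.16.10.1 ftp-data 192.168.100.2 ftp-data netmask 255.255.255.255
"""

# Four numeric groups separated by dots or commas: looks like an address.
ADDR_LIKE = re.compile(r"^\d+(?:[.,]\d+){3}$")


def is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False


def lint(config):
    """Return (malformed_tokens, static_pats_without_permit)."""
    malformed, permits, pats = [], set(), []
    for n, line in enumerate(config.splitlines(), 1):
        t = line.split()
        malformed += [(n, tok) for tok in t if ADDR_LIKE.match(tok) and not is_ipv4(tok)]
        # access-list NAME extended permit tcp any (host IP | any) eq PORT
        if t[:1] == ["access-list"] and t[3:5] == ["permit", "tcp"] and t[-2] == "eq":
            dst = t[-3]
            if dst == "any" or is_ipv4(dst):
                permits.add((dst, t[-1]))
        # static (real_if,mapped_if) tcp MAPPED_IP PORT REAL_IP PORT ...
        elif t[:1] == ["static"] and len(t) >= 7 and t[2] == "tcp":
            pats.append((t[3], t[4]))
    # A redirection is covered by a host-specific permit or by "any" on that port.
    uncovered = [p for p in pats if p not in permits and ("any", p[1]) not in permits]
    return malformed, uncovered


if __name__ == "__main__":
    print(lint(CONFIG))
```

The `any any eq ftp` entry from the reply also clears the second check, but it permits FTP to every destination behind the outside interface; the host-specific entry with the dot restored is the narrower rule.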
09-30-2007 06:14 AM
Hi JC,
I have exactly the same issue as you. I also started a conversation: http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddff247
I don't have the answer right now. Did you find out how to make it work?
Thanks
Ben