Problems with ASA 5520

Answered Question
Dec 20th, 2007

Hello all,

I am having difficulties migrating from a PIX to an ASA 5520 8.0(3).

I have the NAT translations of the DMZ servers and the access list on the outside interface as seen below:

access-list outside_access_in extended permit tcp any host FTP range ftp-data ftp

static (DMZ,outside) x.y.z.a FTP netmask 255.255.255.255

But when I try to connect to the outside NATted address, the log says that the connection is denied due to the access list.

When I try a sh nat DMZ FTP, it says:

match ip DMZ host FTP outside any

static translation to x.y.z.a

translate_hits = 0, untranslate_hits = 52

It seems it is not being translated.

Any ideas?

Correct Answer
acomiskey Thu, 12/20/2007 - 08:25

access-list outside_access_in extended permit tcp any host FTP range ftp-data ftp


should be...


access-list outside_access_in extended permit tcp any host x.y.z.a range ftp-data ftp


nachete1979 Fri, 12/21/2007 - 02:02

Then, my question is, does the ASA work in a different way than the PIX regarding access-list?

I mean, does the PIX do NAT first and control later, and the ASA vice versa?

BR

acomiskey Fri, 12/21/2007 - 06:10

No, they work the same way.
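
The check behind the accepted answer, as an added example that is not part of the thread: with the `static (DMZ,outside)` syntax used in the question, an ACL applied inbound on the outside interface has to name the mapped address, so this Python lint flags entries whose destination is a static's real host instead. The sample config, its addresses and the function names are constructed for illustration; object-groups and network/mask destinations are not handled.

```python
import re
# Constructed sample config; names and addresses are illustrative, not from the thread.
SAMPLE_CONFIG = """\
name 192.168.10.5 FTP
access-list outside_access_in extended permit tcp any host FTP range ftp-data ftp
access-list outside_access_in extended permit tcp any host 192.168.10.5 eq ssh
access-list outside_access_in extended permit tcp any host 203.0.113.10 eq www
access-list dmz_access_in extended permit ip host FTP any
static (DMZ,outside) 203.0.113.10 FTP netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group dmz_access_in in interface DMZ
"""

PORT_OPS = {"eq": 2, "lt": 2, "gt": 2, "neq": 2, "range": 3}  # tokens each consumes

def _addr(tok, i):
    """Parse one address spec at tok[i]; return (host or None, next index)."""
    if tok[i] == "any":
        return None, i + 1
    if tok[i] == "host" and i + 1 < len(tok):
        return tok[i + 1], i + 2
    return None, i + 2  # "network mask" form, not checked here

def find_real_address_aces(config):
    """Return (acl, destination, mapped) for ACEs on an inbound interface ACL
    whose destination is a static's real host rather than its mapped address."""
    lines = [l.split() for l in config.splitlines() if l.strip()]
    names = {l[2]: l[1] for l in lines if l[0] == "name" and len(l) >= 3}
    statics, acl_if = {}, {}   # mapped_if -> {real IP: mapped}; acl -> interface
    for l in lines:
        if l[0] == "static" and len(l) >= 4:
            m = re.fullmatch(r"\((\S+),(\S+)\)", l[1])
            if m:  # static (real_if,mapped_if) mapped real
                statics.setdefault(m.group(2), {})[names.get(l[3], l[3])] = l[2]
        elif l[0] == "access-group" and len(l) == 5 and l[2] == "in":
            acl_if[l[1]] = l[4]
    findings = []
    for l in lines:
        if l[0] != "access-list" or len(l) < 6 or l[2] != "extended" or l[1] not in acl_if:
            continue
        _, i = _addr(l, 5)                                  # skip the source address
        i += PORT_OPS.get(l[i], 0) if i < len(l) else 0     # skip a source port, if any
        dst, _ = _addr(l, i) if i < len(l) else (None, i)   # destination address
        mapped = statics.get(acl_if[l[1]], {}).get(names.get(dst, dst)) if dst else None
        if mapped:
            findings.append((l[1], dst, mapped))
    return findings
```

Each finding names the ACL, the destination as written, and the mapped address that the entry should reference instead.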
