Unable to do FTP via ASA

ankurs2008 · ‎04-10-2008

Hi All

Urgent help required

We are having one ASA5520 , ASA Version 7.2(2) (AIP-SSM Module integrated , IPS in Inline mode) which is the internal firewall . Behind it there are various VLANs where all the users sit . ASA connects to perimeter which is Checkpoint firewall which leads to internet . The issue is that when we try to do a FTP (CLI) from inside user IP Range 192.168.X.X(Hide NATTED for internet access in Checkpoint fw) and download a file say around 5 MB , the downloading happens for a few minutes and gets stuck in between.Howver sometimes it finishes successfuly also ; however sometimes it gets stucked.We have tried connecting the machine just behind the checkpoint firewall (i.e without packet crossing ASA) and the same works fine . Please can any one tell me how to rectify the same . I am attaching few snapshots and some of the details with this post

Regards

Ankur

bauti1428 · ‎04-11-2008

How are the rules set from checkpoint to the ASA? Is it all open from the checkpoint to the ASA or only certain ports are open on the checkpoint?

ankurs2008 · ‎04-13-2008

Hi

The design is as below

Users -> L3 -> ASA - > Checkpoint -> Internet

The rules for FTP port in asa and checkpoint are enabled for the user LAN. Also the users are NATTED behind the outside interface in Checkpoint to go out for FTP on any destination

Regards

Ankur