FTP issues from Internal server

May 22nd, 2008

Hi all,

L3 switch --> ASA --> Internet router.

The switch does not have any default route configured but has BGP with the Internet router. BGP injects a default route into the switch.

B* [200/0] via, 7w0d

ASA has OSPF enabled and the L3 switch as well. From any PC in the network if we check whatismyip.com: (ASA outside interface IP).

The problem here is we are trying to FTP to an external site from a server inside the switch. It allows us to log in to the site, but any other command immediately disconnects.


ftp> ls

500 Illegal PORT command

425 Unable to build data connection: Connection refused


The server can make successful FTP to internal servers at another location via P2P DS3 link. I tried 1. Removing the ACL on the Internet router outside interface and also with passive FTP (from Windows ftp client on server) - but no luck.

The destination has ports open for :

Please suggest...

Thank you


fortis123 Thu, 05/22/2008 - 12:30

Ok.. I got lucky with enabling 'inspect ftp' on ASA and removing ACL from Internet router external interface.

But as it is not a good idea to leave the external interface on the Internet rtr open, I am looking for a way to get this accomplished. This server currently has no public IP or static NAT configured on the ASA. It hits the Internet via the NAT'ed IP of the ASA outside interface as any other servers/workstations.

So in order to accomplish what I am looking for, do I need to have a static public IP for the internal server? Also, what kind of ACL helps me out here for allowing FTP connections sourced from this server?

Thank you in advance
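
Added example, not part of the original posts: a small Python model of why an active-mode PORT command sent through the ASA's PAT address draws "500 Illegal PORT command", and what the payload rewrite done by an FTP-aware NAT device (the role 'inspect ftp' plays above) changes. The addresses, ports and the server's acceptance rule are constructed assumptions, not values from the thread.

```python
# Constructed sample values (private and documentation ranges), not from the thread.
INSIDE_SERVER = "10.1.1.20"    # assumed private address of the internal server
ASA_OUTSIDE = "203.0.113.10"   # assumed ASA outside (PAT) address


def parse_port(line):
    """Parse 'PORT h1,h2,h3,h4,p1,p2' (RFC 959) into (ip, port)."""
    verb, _, arg = line.strip().partition(" ")
    fields = arg.split(",")
    if verb.upper() != "PORT" or len(fields) != 6:
        raise ValueError("not a PORT command")
    nums = [int(f) for f in fields]
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("field out of range")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def build_port(ip, port):
    """Encode (ip, port) as the PORT command an active-mode client sends."""
    return "PORT {},{},{}".format(ip.replace(".", ","), port >> 8, port & 0xFF)


def server_reply(line, control_peer_ip):
    """Model of a server that only accepts a PORT naming the control peer."""
    try:
        ip, _port = parse_port(line)
    except ValueError:
        return "501 Syntax error in parameters"
    if ip != control_peer_ip:
        return "500 Illegal PORT command"
    return "200 PORT command successful"


def alg_rewrite(line, mapped_ip, mapped_port):
    """Payload rewrite by an FTP-aware NAT device: swap in the translated
    address and port (the device must also permit the returning data
    connection to that mapping)."""
    parse_port(line)  # validate before rewriting
    return build_port(mapped_ip, mapped_port)


if __name__ == "__main__":
    sent = build_port(INSIDE_SERVER, 50000)
    # The server sees the control connection coming from the PAT address.
    print(sent, "->", server_reply(sent, ASA_OUTSIDE))
    fixed = alg_rewrite(sent, ASA_OUTSIDE, 40001)
    print(fixed, "->", server_reply(fixed, ASA_OUTSIDE))
```
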


