05-23-2008 12:42 AM - edited 03-11-2019 05:48 AM
Hi all,
I am a newbie with Cisco PIX and I wanted to add a basic NAT rule to my firewall to allow and redirect FTP requests from the internet to one of my public addresses
194.250.0.50 to an internal computer 190.100.100.102.
Using the web interface I added one NAT rule:
static (outside,inside) 190.100.100.102 194.250.0.50 netmask 255.255.255.255 0 0
and allow incoming FTP requests:
access-list outside_access_in permit tcp host 190.100.100.102 eq ftp host 194.50.0.0 eq ftp
Proxy ARP is enabled,
but trying to connect from outside to 194.250.0.50 is denied.
Here is what I got in the log:
106023:Deny tcp src 195.115.153.23x/xxxx dst inside:ftpexternal/21 by access-group "outside_access_in"
ftpexternal stands for 194.250.0.50
Looks like my rule is not correct.
Can anyone help me on the matter?
05-23-2008 02:59 AM
Looks to me like your ACL is wrong - it should be:
access-list outside_access_in permit tcp host 195.115.153.23x host 194.250.0.50 eq ftp
That's assuming that you only want access from that one external host - you can have any host or network in there.
You don't need an ACL from 190.100.100.102 to 194.250 (in any case your ACL was referencing 194.50.0.0).
05-23-2008 03:53 AM
Thanks
I just want any network to be able to connect to 194.250.0.50 using FTP.
05-23-2008 04:08 AM
So then:
access-list outside_access_in permit tcp any host 194.250.0.50 eq ftp
05-23-2008 04:11 AM
Also I think you have the static rule the wrong way round:
static (inside,outside) 194.250.0.50 190.100.100.102 netmask 255.255.255.255
At least that is how we do it here.
05-23-2008 04:53 AM
Thanks, it is working
Thanks a lot again
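Added example, not part of any post in this thread: a small Python evaluator for the host/any/eq subset of access-list syntax used above, showing why the original entry never matches the flow denied in log message 106023 while the "any" entry does. The function names are hypothetical and the client 203.0.113.10/40000 is a constructed stand-in for the masked source in the log.

```python
import ipaddress

PORTS = {"ftp": 21}  # only the named port that appears in this thread

def _addr(tok):
    # Consume "any" or "host A.B.C.D" and return it as a network.
    kind = tok.pop(0)
    if kind == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if kind == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    raise ValueError("only 'any' and 'host' are handled in this subset")

def _port(tok):
    # Consume an optional "eq PORT"; None means the entry matches any port.
    if tok and tok[0] == "eq":
        tok.pop(0)
        name = tok.pop(0)
        return PORTS.get(name) or int(name)
    return None

def parse_ace(line):
    # access-list NAME permit|deny PROTO SRC [eq P] DST [eq P]
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("unsupported entry: " + line)
    rest = tok[4:]
    return {"action": tok[2], "proto": tok[3],
            "src": _addr(rest), "sport": _port(rest),
            "dst": _addr(rest), "dport": _port(rest)}

def evaluate(acl, proto, src, sport, dst, dport):
    # First matching entry wins; no match falls through to the implicit deny.
    for line in acl:
        a = parse_ace(line)
        if (a["proto"] == proto
                and ipaddress.ip_address(src) in a["src"]
                and a["sport"] in (None, sport)
                and ipaddress.ip_address(dst) in a["dst"]
                and a["dport"] in (None, dport)):
            return a["action"]
    return "deny"

ORIGINAL = ["access-list outside_access_in permit tcp host 190.100.100.102 eq ftp host 194.50.0.0 eq ftp"]
CORRECTED = ["access-list outside_access_in permit tcp any host 194.250.0.50 eq ftp"]
# Constructed flow: the log masks the client, so 203.0.113.10/40000 stands in for it.
FLOW = ("tcp", "203.0.113.10", 40000, "194.250.0.50", 21)

if __name__ == "__main__":
    print("original :", evaluate(ORIGINAL, *FLOW))
    print("corrected:", evaluate(CORRECTED, *FLOW))
```

The original entry requires both a source port and a destination port of 21 and names 194.50.0.0 as the destination, so no client connection to 194.250.0.50 can match it; the corrected entry admits any source but only to port 21 on that one host.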