Cisco router FTP connection problem

ehognestad
Level 1

I am trying to make an FTP connection from one of my servers that is behind a Cisco router.

We have a server park where 3 servers are behind a Cisco with local IPs, and 1 server that is public and NOT behind the Cisco.

I am trying to connect to an external FTP server without luck with the 3 servers behind the Cisco. But the public one connects all right. The 3 servers behind the router are NAT'ed to local IPs from public ones, in the router config.

This is the FTP config in the router right now:

(The ip is fake)

conduit permit tcp host 207.190.199.99 eq ftp any

conduit permit tcp host 10.0.10.2 eq ftp any

conduit permit tcp any eq ftp any

conduit permit tcp any any eq ftp

These 3 servers are also in a VPN with an external company, if that information is of any relevance.

Just for information, this is not my field of work, I am a programmer, so if anyone needs more info, or didn't understand my problem - please advise me!

Best regards - Eivind (Sao Paulo - Brasil)

5 Replies

mvsheik123
Level 7

Hi,

You can try opening the ftp-data port as well, as FTP uses 20 & 21. If that does not work, post the rtr config and someone will be able to help you out.

hth

MS

FTP server could also require ports for forwarding passive FTP
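The two replies above depend on how FTP negotiates its data connection on the control channel. As an added example (not part of the thread), this Python sketch decodes the endpoint carried in a `PORT` command or a `227` passive reply and reports which side opens the data connection and whether the advertised address is RFC 1918 space that a NAT device must rewrite. The function names are hypothetical; `10.0.10.2` is the inside address from the question and `203.0.113.10` is a constructed server address.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# h1,h2,h3,h4,p1,p2 as used by both PORT and the 227 reply (RFC 959)
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_data_endpoint(control_line):
    """Return (mode, ip, port) for a PORT command or a 227 reply, else None."""
    line = control_line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"        # client listens, server connects from tcp/20
    elif line.startswith("227"):
        mode = "passive"       # server listens, client connects outbound
    else:
        return None
    m = HOSTPORT.search(line)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(v > 255 for v in fields):
        return None
    ip = ipaddress.ip_address(".".join(str(v) for v in fields[:4]))
    return mode, ip, fields[4] * 256 + fields[5]

def describe(control_line):
    """Summarise what a firewall between the peers has to cope with."""
    decoded = decode_data_endpoint(control_line)
    if decoded is None:
        return None
    mode, ip, port = decoded
    return {
        "mode": mode,
        "endpoint": f"{ip}:{port}",
        "opened_by": "server" if mode == "active" else "client",
        # A private address is unreachable from the far side of the NAT
        # unless the device inspects the control channel and rewrites it.
        "needs_nat_rewrite": any(ip in net for net in RFC1918),
    }

# Constructed control-channel lines, not captured traffic.
SESSION = ["USER anonymous",
           "PORT 10,0,10,2,19,137",
           "227 Entering Passive Mode (203,0,113,10,195,80)"]

if __name__ == "__main__":
    for line in SESSION:
        print(line, "->", describe(line))
```
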

ehognestad
Level 1

Thanks guys for trying to help me, this is the rest of my config in the router:

- the ip that ends with 97 is the router

- the ip that ends with 98 is the server that works with ftp

- the ip that ends with 98 is the server that does not work

- the ip 200 series is our external partner with the vpn connection

ALL IPs ARE OF COURSE FAKE.

See next post for the actual config....

If someone could help me do some logging as well, maybe that could help me..

Thanks in advance!! Eivind

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

access-list 100 permit ip host 299.999.999.99 host 200.000.000.22

access-list 100 permit ip host 299.999.999.99 host 200.000.000.129

access-list 100 permit ip host 299.999.999.99 host 200.000.000.127

access-list 100 permit ip host 299.999.999.99 host 200.000.000.137

access-list 100 permit ip host 299.999.999.99 host 200.000.000.139

access-list 100 permit ip host 299.999.999.99 host 200.000.000.155

access-list 100 permit ip host 299.999.999.99 host 200.000.000.156

access-list 100 permit ip host 299.999.999.99 host 200.000.000.157

access-list 100 permit ip host 299.999.999.99 host 200.000.000.158

access-list 100 permit ip host 299.999.999.98 host 200.000.000.22

access-list 100 permit ip host 299.999.999.98 host 200.000.000.127

access-list 100 permit ip host 299.999.999.98 host 200.000.000.137

access-list 100 permit ip host 299.999.999.98 host 200.000.000.139

access-list 100 permit ip host 299.999.999.98 host 200.000.000.155

access-list 100 permit ip host 299.999.999.98 host 200.000.000.156

access-list 100 permit ip host 299.999.999.98 host 200.000.000.157

access-list 100 permit ip host 299.999.999.98 host 200.000.000.158

access-list 100 permit tcp host 299.999.999.98 host 299.999.999.99

access-list 100 permit ip host 299.999.999.98 host 200.000.000.129

ehognestad
Level 1

the rest of the config:

pager lines 24

logging on

logging buffered debugging

logging queue 8096

mtu outside 1500

mtu inside 1500

ip address outside 299.999.999.97 255.255.255.0

ip address inside 10.0.10.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm location 10.0.10.2 255.255.255.255 inside

pdm location 299.999.999.97 255.255.255.255 outside

pdm location 10.0.10.4 255.255.255.255 inside

pdm location 10.0.10.5 255.255.255.255 inside

pdm history enable

arp timeout 14400

nat (inside) 0 access-list 100

static (inside,outside) 299.999.999.99 10.0.10.2 netmask 255.255.255.255 0 0

static (inside,outside) 299.999.999.98 10.0.10.4 netmask 255.255.255.255 0 0

static (inside,outside) 299.999.999.96 10.0.10.5 netmask 255.255.255.255 0 0

conduit permit icmp host 299.999.999.99 any echo

conduit permit icmp host 299.999.999.99 any echo-reply

conduit permit icmp host 299.999.999.99 any source-quench

conduit permit icmp host 299.999.999.99 any unreachable

conduit permit icmp host 299.999.999.99 any time-exceeded

conduit permit icmp host 299.999.999.98 any echo

conduit permit icmp host 299.999.999.98 any echo-reply

conduit permit icmp host 299.999.999.98 any source-quench

conduit permit icmp host 299.999.999.98 any unreachable

conduit permit icmp host 299.999.999.98 any time-exceeded

conduit permit icmp any any

conduit permit tcp host 299.999.999.99 eq 8080 any

conduit permit tcp host 299.999.999.99 eq 8009 any

conduit permit tcp host 299.999.999.99 eq www any

conduit permit tcp host 299.999.999.99 eq ssh any

conduit permit tcp host 299.999.999.99 any

conduit permit tcp host 299.999.999.98 any

conduit permit tcp host 299.999.999.96 any

conduit permit tcp host 299.999.999.98 eq www any

conduit permit tcp host 10.0.10.4 host 10.0.10.2

conduit permit tcp host 10.0.10.2 host 10.0.10.4

conduit permit udp host 299.999.999.98 eq snmp any

conduit permit udp host 299.999.999.98 eq snmptrap any

conduit permit udp host 299.999.999.99 eq snmp any

conduit permit udp host 299.999.999.99 eq snmptrap any

conduit permit tcp host 299.999.999.98 eq 9101 any

conduit permit tcp host 299.999.999.98 eq 9102 any

conduit permit tcp host 299.999.999.98 eq 9103 any

conduit permit tcp host 299.999.999.99 eq 9103 any

conduit permit tcp host 299.999.999.99 eq 9102 any

conduit permit tcp host 299.999.999.99 eq 9101 any

conduit permit udp host 299.999.999.99 eq 9101 any

conduit permit udp host 299.999.999.99 eq 9102 any

conduit permit udp host 299.999.999.99 eq 9103 any

conduit permit udp host 299.999.999.98 eq 9101 any

conduit permit udp host 299.999.999.98 eq 9102 any

conduit permit udp host 299.999.999.98 eq 9103 any

conduit permit udp host 299.999.999.99 eq 1194 any

conduit permit udp host 299.999.999.98 eq 1194 any

conduit permit tcp host 299.999.999.99 eq ftp any

conduit permit tcp host 10.0.10.2 eq ftp any

conduit permit tcp any eq ftp any

conduit permit tcp any any eq ftp

route outside 0.0.0.0 0.0.0.0 299.999.999.1 1
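A reviewer's pass over the posted conduits, as an added example that is not part of the thread and that goes beyond the FTP lines to the whole tcp/udp rule set: it flags conduits that expose every port of a translated host, port-specific conduits those already cover, and conduits that match only on the outside peer's source port. It assumes the conduit grammar `conduit permit protocol global [eq port] foreign [eq port]`, where the first address is the translated host being exposed and the second is the outside peer; the finding labels and function names are this example's own.

```python
import re

# Constructed sample: a subset of the conduit lines posted in the thread.
# The addresses are the poster's placeholders, so they stay plain strings.
SAMPLE = """\
conduit permit tcp host 299.999.999.99 eq www any
conduit permit tcp host 299.999.999.99 eq ssh any
conduit permit tcp host 299.999.999.99 any
conduit permit tcp host 299.999.999.98 eq 9101 any
conduit permit tcp host 299.999.999.98 any
conduit permit tcp host 299.999.999.99 eq ftp any
conduit permit tcp any eq ftp any
conduit permit tcp any any eq ftp
"""

SIDE = r"(any|host \S+)(?: eq (\S+))?"   # address, then optional 'eq PORT'
CONDUIT = re.compile(rf"conduit permit (tcp|udp) {SIDE} {SIDE}")

def parse_conduit(line):
    """Return (line, proto, global, global_port, foreign, foreign_port) or None."""
    m = CONDUIT.fullmatch(" ".join(line.split()))
    return (m.group(0), *m.groups()) if m else None

def audit(config):
    """Return (finding, line) pairs for conduits worth a second look."""
    rules = [r for r in map(parse_conduit, config.splitlines()) if r]

    def is_wide(r):  # every port of the protocol, from any outside host
        return r[3] is None and r[5] is None and r[4] == "any"

    wide = {(r[1], r[2]) for r in rules if is_wide(r)}
    findings = []
    for r in rules:
        line, proto, g, gp, f, fp = r
        if is_wide(r):
            findings.append(("unrestricted", line))
        elif gp is None and fp is not None:
            findings.append(("source-port", line))  # keyed on the sender's port
        elif (proto, g) in wide or (proto, "any") in wide:
            findings.append(("shadowed", line))     # a wide conduit covers it
    return findings

if __name__ == "__main__":
    for kind, line in audit(SAMPLE):
        print(f"{kind:12} {line}")
```
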
