DMZ FTP server setup

Answered Question
Jun 23rd, 2008

ASA 5510 with 8.0(3)

I am trying to configure a DMZ network and configure it for FTP server access.

The FTP access is fine, but when I configure the DMZ interface for access from the inside network, the FTP access from outside does not work.

The problem is that we can log in to the FTP site but are unable to list folders and files; we get the error message, and Internet access also does not work.

If I remove the access-group entry on the DMZ interface, FTP works fine, we are able to list folders and files, and Internet access works fine.

I have attached the config. Can someone help me resolve this issue?



Correct Answer by mohammed_moustafa about 8 years 10 months ago


How is it going with you? Is the problem solved or what?

Overall Rating: 4.5 (2 ratings)
dhananjoy chowdhury Mon, 06/23/2008 - 04:12


Check the following:

1. Is the FTP server in active or passive mode?

2. What packets or traffic are getting dropped from the FTP server to the client outside?

mohammed_moustafa Mon, 06/23/2008 - 04:28

Hi dear,

The problem is mainly caused by the denial of reply traffic coming back from your FTP server. So there are two solutions: first, in the DMZ access list, allow traffic from the FTP server to any on the FTP ports; or configure traffic inspection. You can use the default ASA inspection:

class-map inspection_default
 match default-inspection-traffic

policy-map global_policy
 class inspection_default
  inspect dns maximum-length 1500
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp

service-policy global_policy global

I'm sure this will help.

Best regards,
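
An added example, not part of the thread or its attached config: a Python check that reads an ASA running-config and reports interfaces that have an access-group applied while no policy-map containing inspect ftp is attached by service-policy, which is the condition the answer above describes. The sample config, the ACL name dmz_in, the address in it and the function names are constructed for illustration; the parser assumes the indented layout of show running-config output, and the result is a review hint, since an ACL may also permit the FTP server's traffic explicitly.

```python
import re

# Constructed sample config (not the poster's attachment); dmz_in is a made-up ACL name.
SAMPLE_BROKEN = """\
access-list dmz_in extended permit tcp host 192.0.2.10 any eq www
access-group dmz_in in interface dmz
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 1500
service-policy global_policy global
"""
# Same config with FTP inspection added to the global policy.
SAMPLE_FIXED = SAMPLE_BROKEN.replace(
    "  inspect dns maximum-length 1500\n",
    "  inspect dns maximum-length 1500\n  inspect ftp\n",
)


def ftp_inspection_scopes(config):
    """Return where FTP inspection is active: 'global' and/or interface names."""
    maps_with_ftp = set()
    current = None  # name of the policy-map stanza being read, if any
    for line in config.splitlines():
        stripped = line.strip()
        if not line.startswith(" "):
            # A top-level command ends the previous stanza and may open a new one.
            m = re.match(r"policy-map (\S+)$", stripped)
            current = m.group(1) if m else None
        elif current and re.match(r"inspect ftp\b", stripped):
            maps_with_ftp.add(current)
    scopes = set()
    pattern = r"^service-policy (\S+) (global|interface (\S+))$"
    for m in re.finditer(pattern, config, re.M):
        if m.group(1) in maps_with_ftp:
            scopes.add(m.group(3) or "global")
    return scopes


def filtered_interfaces_without_ftp_inspection(config):
    """List interfaces with an access-group but no FTP inspection covering them."""
    scopes = ftp_inspection_scopes(config)
    if "global" in scopes:
        return []
    ifaces = re.findall(r"^access-group \S+ (?:in|out) interface (\S+)$", config, re.M)
    return sorted({i for i in ifaces if i not in scopes})


if __name__ == "__main__":
    print("before:", filtered_interfaces_without_ftp_inspection(SAMPLE_BROKEN))
    print("after: ", filtered_interfaces_without_ftp_inspection(SAMPLE_FIXED))
```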

ckuriyar74 Fri, 06/27/2008 - 00:25


It solved my issue, I just missed traffic inspection. :)

