Solved: DMZ FTP server setup

ckuriyar74 · ‎06-23-2008

ASA 5510 with 8.0(3)

Iam trying to configure DMZ network and configure for FTP server access.

The FTP access is fine but when I configure DMZ interface to access from inside network, the FTP access from outside does not work.

The problem is that we can login to FTP site and unable to list folders & files and get the error message and also internet access will not work.

If I remove the access-group entry on DMZ interface FTP works fine and able to list folders & files and internet access works fine.

I have attached the config and can some one help me to resolve this issue.

Thanks,

Chandru

mohammed_moustafa · ‎06-24-2008

Hi,

how is it going with you, the problem is solved or what?

View solution in original post

dhananjoy chowdhury · ‎06-23-2008

Hi,

check the following

1. Whether the FTP server is in Active or passive mode ?

2. what packets / traffic are getting dropped from FTP server to the client outside?

mohammed_moustafa · ‎06-23-2008

Hi dear,

The problem is mainly caused by the denial of reply back traffic comming from the your FTP server. so there are two sollutions: firest in the DMZ access list allow traffic from FTP server to any on FTP ports OR, configure traffic inspection, you can use the default ASA inspection:

class-map inspection_default

match default-inspection-traffic

!

policy-map global_policy

class inspection_default

inspect dns maximum-length 1500

inspect ftp

inspect h323 h225

inspect h323 ras

inspect netbios

inspect rsh

inspect rtsp

inspect skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

!

service-policy global_policy global

I'm sure this will help.

Best regards,

mohammed_moustafa · ‎06-24-2008

Hi,

how is it going with you, the problem is solved or what?

ckuriyar74 · ‎06-27-2008

Hi,

It solved my issue, just miised traffic inspection. :)