Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
492
Views
0
Helpful
3
Replies

Cisco Router 878 and WS_FTP Server 7

ThaMaster
Level 1
Level 1

‎11-12-2008 01:52 AM - edited ‎03-11-2019 07:12 AM

Hello a customer of us have a Cisco Router 878 and WS_FTP Server 7.

I have problems with contacting the server when I set up a connection I get the message from my server and he asks for my login credentials after I typed in de credentials the connection wil lost with the FTP Server.

I have already contact Ipswitch the manufacturer of WS_FTP Server they tell me that server is goog configured because it works in my internal LAN.

In the router I have configured the ports for FTP and I have also tried to set up a external IP adres with no firewall rules but that would work either. I hope someone can help me if you wish I can but my configuration online.

Labels:
0 Helpful
3 Replies 3

drolemc
Level 6
Level 6

‎11-18-2008 02:58 PM

Verify ACL configuration on router. To start FTP server with, activate ftp server write-enable that is deactivated in your config in the router.

0 Helpful

ThaMaster
Level 1
Level 1
In response to drolemc

‎11-19-2008 11:13 AM

I have tried the command that you give but I can't type it in. I will post the configuration maybe you can see something.

hostname router01

!

enable secret [PASSWORD]

!

ip cef

ip inspect name FIREWALL cuseeme

ip inspect name FIREWALL h323

ip inspect name FIREWALL netshow

ip inspect name FIREWALL rcmd

ip inspect name FIREWALL realaudio

ip inspect name FIREWALL rtsp

ip inspect name FIREWALL smtp

ip inspect name FIREWALL sqlnet

ip inspect name FIREWALL streamworks

ip inspect name FIREWALL tftp

ip inspect name FIREWALL tcp

ip inspect name FIREWALL udp

ip inspect name FIREWALL vdolive

ip inspect name FIREWALL icmp

ip inspect name FIREWALL dns

ip inspect name FIREWALL https

ip inspect name FIREWALL imap

ip inspect name FIREWALL pop3

ip inspect name FIREWALL ftp

no ip bootp server

ip domain name [DOMAIN-NAME]

ip name-server [DNS-SERVER]

ip name-server [DNS-SERVER]

!

username [USERNAME] privilege 15 secret [PASSWORD]

!

interface ATM0

no ip address

no ip mroute-cache

no atm ilmi-keepalive

!

interface ATM0.1 point-to-point

pvc 2/32

oam-pvc manage 3

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

!

interface FastEthernet0

no cdp enable

!

interface FastEthernet1

shutdown

no cdp enable

!

interface FastEthernet2

shutdown

no cdp enable

!

interface FastEthernet3

shutdown

no cdp enable

!

interface Vlan1

description Ethernet LAN

ip address 10.0.90.200 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

hold-queue 100 out

!

interface Dialer0

ip address [IP-PUBLIC] 255.255.255.248

ip access-group infilter in

ip inspect FIREWALL out

ip nat outside

ip virtual-reassembly

encapsulation ppp

no ip mroute-cache

dialer pool 1

no cdp enable

ppp authentication pap chap callin

ppp chap hostname [WAN-USERNAME]

ppp chap password [WAN-PASSWORD]

ppp pap sent-username [WAN-USERNAME] password [WAN-PASSWORD]

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0

no ip http server

no ip http secure-server

!

ip dns server

ip nat inside source static tcp [IP-SERVER] 1024 interface Dialer0 1024

ip nat inside source static tcp [IP-SERVER] 888 interface Dialer0 888

ip nat inside source static tcp [IP-SERVER] 443 interface Dialer0 443

ip nat inside source static tcp [IP-SERVER] 25 interface Dialer0 25

ip nat inside source static tcp [IP-SERVER] 21 interface Dialer0 21

ip nat inside source static tcp [IP-SERVER] 990 interface Dialer0 990

ip nat inside source static tcp [IP-SERVER] 20 interface Dialer0 20

ip nat inside source route-map nonat interface Dialer0 overload

!

ip access-list extended infilter

permit udp any any eq ntp

permit tcp any any eq 123

permit tcp any any eq 443

permit tcp any any eq smtp

permit tcp any any eq ftp

permit tcp any any eq 990

permit tcp any any eq ftp-data

permit tcp any any eq 22

permit tcp any any eq 1723

permit gre any any

permit esp any any

permit icmp any any unreachable

permit icmp any any echo-reply

permit icmp any any packet-too-big

permit icmp any any time-exceeded

permit icmp any any traceroute

permit icmp any any administratively-prohibited

permit icmp any any echo

deny ip 10.0.0.0 0.255.255.255 any

deny ip 172.16.0.0 0.15.255.255 any

deny ip 192.168.0.0 0.0.255.255 any

deny ip 127.0.0.0 0.255.255.255 any

deny ip host 255.255.255.255 any

deny ip host 0.0.0.0 any

evaluate racl

deny ip any any log

!

access-list 1 permit 10.0.90.0 0.0.0.255

access-list 1 permit 192.168.101.0 0.0.0.255

access-list 1 deny any log

access-list 106 remark ----------------------

access-list 106 remark + access-list no nat +

access-list 106 permit ip 10.0.90.0 0.0.0.255 any

dialer-list 1 protocol ip permit

no cdp run!

!

route-map nonat permit 10

match ip address 106

0 Helpful

ThaMaster
Level 1
Level 1
In response to ThaMaster

‎11-19-2008 12:13 PM

I have found the problem of the FTP Server. On the server where the FTP software is installed there was running RRAS that now longer was in use when I disabled it the FTP Server works.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card