I have a single FTP server behind an ASA 7.2 firewall.
The FTP server is our primary FTP server and listens on the standard control port 21 using passive FTP.
We need to use the same server to run a separate instance of FTP, but on control port 2121.
The first thing I thought of was to use port translation to translate 2 separate public IP addresses to the backend private IP server.
My problem is not knowing exactly how NAT and FTP inspection work on the ASA in this situation.
Currently my NAT configuration is 63.x.y.50 -> 220.127.116.11 with FTP inspection on port 21.
Everything works fine.
I would like to change the NAT from a standard 1 to 1 NAT to a Port Redirect translation:
18.104.22.168:21 -> 63.X.Y.50:21
22.214.171.124:2121 -> 63.X.Y.190:21
The backend server IP is the same with different ports. The public IPs are different with the same ports.
The question is: will the ASA inspection engine still allow both FTP sessions' secondary data connections and keep the connections straight?
If this were a standard source/destination port application, I believe this would work fine, but with the secondary FTP connection that must be opened and allowed using FTP inspection, I am not sure what will happen, and I don't have a PIX to test with.
Thanks for everyone's help in advance.