04-18-2009 05:46 AM - edited 03-09-2019 10:14 PM
Dear All,
I am not able to access FTP from the internal network or office; if I connect from somewhere other than my office, I can access it.
What port do I have to enable on the ASA 5510 & ISA?
04-18-2009 06:19 PM
Hi,
I assume that the office connected interface is configured as inside with security-level 100.
Check the following:
1. ACL bound to the inside interface
asa(config)# show run access-group
If it results in: access-group inside_access_in in interface inside
then run: show run access-list inside_access_in
Verify that the ACL has: access-list inside_access_in permit tcp 192.168.57.0 255.255.255.0 any eq ftp
where 192.168.57.0 is your office network.
If your network has no such ACL, add one.
2. Check your service policy
Run command: asa(config)# sh run service-policy
Check: whether there is a global_policy or an interface policy applied to the inside interface.
3. Check what protocols are inspected
Run command: sh run policy-map
Find: the policy, and verify that "inspect ftp" is there in the inside class-map of the policy-map applied to the inside interface.
If you don't find one, add one.
If possible, post your config for review
H2H
Roshan
04-19-2009 04:39 AM
Dear Roshan,
Thanks for your answer, but I would like to elaborate: I have my FTP server somewhere outside my network on a public IP, and from my network I cannot access it. I have enabled ports 20 & 21 but I am still not able to access it.
04-20-2009 04:53 AM
Further to Roshan's earlier post, once the ACL is added (or you have confirmed that you have one), run the following command to ensure that the ACL has a hit count.
sho access-list
Also, ensure that this FTP server is accessible from the outside of your network. If possible, set up a directly connected machine on your internet connection (purely for testing!)
HTH
Steve
04-20-2009 11:50 PM
Dear ,
Below are the access-list entries which are configured on the ASA. But I am still not able to access the FTP site.
access-list out-in line 22 extended permit tcp any eq ftp any eq ftp (hitcnt=0)
access-list out-in line 23 extended permit tcp any gt 1023 any gt 1023 (hitcnt=3517)
access-list out-in line 24 extended permit tcp any eq ftp-data any eq ftp-data (hitcnt=0)
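An added example, not written by any poster in this thread: a small Python reviewer for `show access-list` output like the entries above. It flags entries with zero hits that pin the same port on both source and destination (a TCP client connects from an ephemeral source port, so such an entry does not match its sessions) and broad any-to-any high-port permits. The finding names `src-port-pinned` and `broad-high-ports` are made up for this example.

```python
import re

PORT_OPS = {"eq": 1, "gt": 1, "lt": 1, "neq": 1, "range": 2}  # operands per operator
ACE = re.compile(r"access-list (\S+) line (\d+) extended (permit|deny) "
                 r"(tcp|udp) (.*?)\s*\(hitcnt=(\d+)\)")

def _addr(tok):
    """Consume 'any', 'host A' or 'A MASK' from the front of the token list."""
    n = 1 if tok and tok[0] in ("any", "any4", "any6") else 2
    return tok[:n], tok[n:]

def _port(tok):
    """Consume an optional port match such as 'eq ftp' or 'range 20 21'."""
    n = 1 + PORT_OPS[tok[0]] if tok and tok[0] in PORT_OPS else 0
    return tok[:n], tok[n:]

def parse_ace(line):
    """Split one TCP/UDP entry into source/destination address and port parts."""
    m = ACE.match(line.strip())
    if not m:
        return None
    acl, num, action, proto, rest, hits = m.groups()
    src, tok = _addr(rest.split())
    sport, tok = _port(tok)
    dst, tok = _addr(tok)
    dport, _ = _port(tok)
    return dict(acl=acl, line=int(num), action=action, src=src, sport=sport,
                dst=dst, dport=dport, hits=int(hits))

def review(lines):
    """Return (line number, finding) pairs for entries worth a second look."""
    findings = []
    for ace in filter(None, map(parse_ace, lines)):
        # Same fixed port required on both ends and never hit.
        if ace["sport"][:1] == ["eq"] and ace["sport"] == ace["dport"] and ace["hits"] == 0:
            findings.append((ace["line"], "src-port-pinned"))
        # Any-to-any permit covering the whole high-port range.
        elif (ace["action"] == "permit" and ace["src"] == ace["dst"] == ["any"]
              and ace["dport"][:1] == ["gt"]):
            findings.append((ace["line"], "broad-high-ports"))
    return findings

# The three entries posted above, copied as sample input.
SAMPLE = [
    "access-list out-in line 22 extended permit tcp any eq ftp any eq ftp (hitcnt=0)",
    "access-list out-in line 23 extended permit tcp any gt 1023 any gt 1023 (hitcnt=3517)",
    "access-list out-in line 24 extended permit tcp any eq ftp-data any eq ftp-data (hitcnt=0)",
]

if __name__ == "__main__":
    for num, finding in review(SAMPLE):
        print(num, finding)
```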
04-21-2009 12:28 AM
Please can you post your access-group config so I can see what direction the ACLs have been applied.
Steve