ASA5505 Configure FTP on differnt port, ex. 58158

Unanswered Question
Oct 21st, 2009
User Badges:
  • Bronze, 100 points or more

Hi!

I'm trying to configure ASA 5505 to pass FTP connection to Win2003 IIS FTP server on port 58158.

Works fine with port 21 but not any other port.

I get : 227 Entering Passive mMode (192.168.1.10,142,158)

The server sent a passive answer with a non routable address.

This IP is the internal server address.

When I use port 21 the IP address above is the external address ocf the router and everything works fine.

Using static NAT rule Interface inside, server IP address. Translated Interface outside, use Interface IP address.

Enablr Port Address Translation, TCP port 21 to 21 (or 58158 to 58158)

Any idea?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Herbert Baerten Wed, 10/21/2009 - 06:49
User Badges:
  • Cisco Employee,

You'll have to configure FTP inspection for this port, e.g.:


class-map class-ftp

match port tcp eq 58158


policy-map global_policy

class class-ftp

inspect ftp


service-policy global_policy global


Actions

This Discussion