12-30-2009 02:42 PM - edited 03-11-2019 09:52 AM
I can't get through the firewall on port 5052. I'm using firezilla and it says that it does not recognize an unroutable address. it works over the vpn so it's something to do with the asa.
12-30-2009 03:20 PM
Do you have firewall rules opened for this port?
Regards,
jerry
12-30-2009 04:02 PM
Yes. A static and an access list.
12-30-2009 06:16 PM
Assuming static means static NAT. With limited information, I can only suggest two things.
1) Make sure all routing is correct when access through the firewall. Verify it with ping and traceroute
2) Remove FTP inspection (fixup) and re-test
Regards,
jerry
12-30-2009 06:32 PM
This is all I have right now. I tried removing inspect with no luck.
access-list incoming extended permit tcp any host 68.216.158.101 eq 5052
static (inside,outside) tcp 68.216.158.101 5052 192.168.1.171 5052 netmask 255.255.255.255
12-30-2009 08:02 PM
Have you check your routing? (Not VPN)
You can also try to put a deny ip any any log at the end of the incoming ACL and send all the log to a syslog server to inspect what else is being blocked.
Regards,
jerry
01-01-2010 01:01 PM
Hello,
If you wish to pass FTP traffic through your Firewall on NON STANDARD ports, then in order to make it work, please add the following MPF (modular Policy Framework) :-
Lets assume you have FTP server (1.1.1.1) on outside of your ASA , and you have clients in inside which needs to access the server. First of all, remove inspect ftp from global_policy and the proceed as follows for non std FTP inspection.
access-list FTP extended permit tcp any host 1.1.1.1 range 20 21
access-list FTP extended permit tcp host 1.1.1.1 any range 20 21
class-map class_ftp
match access-list FTP
!
Policy-map global_policy
class class_ftp
inspect ftp
!
service-policy global_policy global
HTH
Vijaya
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: