Ok....I'm feeling a little less intelligent every day. So I am struggling trying to figure out why I'm unable to assign rules on my ASA that will allow me to FTP from the DMZ side of my ASA to the Inside. Let me explain my situation:
Inside interface - security level 100
Outside Interface - security level 0
DMZ - security level 40
I am trying to initiate an FTP request from the DMZ side of the firewall to the Inside. I am using a Passive FTP type. Here is what I've done to this point.
I have declared a static NAT translation for the destination workstation (the one on the inside). I've actually opened up the DMZ ACL to allow my DMZ subnet to permit IP any to any. This, I would think, should take care of any inbound FTP attempt. I have also allowed on the inside ACL for the inside workstation to talk to the DMZ subnet via IP. So basically this is what it looks like:
10.10.10.100 ASA 192.168.1.200
static (INSIDE,DMZ) 192.168.253.10 10.10.10.100 netmask 255.255.255.255
I initiate my FTP and point it to the 192.168.253.10 address so that it goes to 10.10.10.100. From the log, it seems like the workstation is receiving the first SYN packet with a destination of port 21, but unfortunately.....I can't get it to do anything past that. It's building connections coming inbound, but for some reason it will not allow me to see the folders or whatnot on 10.10.10.100.
I'm assuming this is all I pretty much need for FTP as long as my access lists are allowing both ways, which they should be. If someone can explain what I'm missing, I'd greatly appreciate it. I'm not quite sure what I'm missing, but it's about to give me an aneurysm!
Thanks in advance,
Let us try to figure out where it is getting blocked. Can you put the following captures on the firewall and get us the outputs?
Access-list cap permit ip host
Capture capin access-list cap interface inside
Capture capdmz access-list cap interface dmz
Once you configure the above lines, run the test. Then collect the output of "show capture capin" and "show capture capdmz". That should give us a good idea of what is happening.