Good afternoon, experts - I am in need of a quick resolution to what I am sure is a fairly standard configuration issue.
Description: we need to configure a DMZ on an ASA for an FTP server with a public IP address. Outside partners need to send files to this FTP server. We then need to have these files transferred internally to a file server.
Problem: outside partners are able to send the files to the FTP server in the DMZ, but we cannot retrieve them from the internal file server through the ASA.
ip address 205.x.y.z 255.255.255.248
nameif INSIDE (IP address of internal file server is 192.168.x.x)
ip address 10.x.x.x 255.255.255.0
description DMZ IP (IP address of FTP server 198.d.e.25)
ip address 198.d.e.30 255.255.255.248
NAT contains this:
nat (INSIDE) 0 access-list NO-NAT
access-list NO-NAT line 153 extended permit ip host 192.168.x.x host 198.d.e.25
nat (DMZ) 0 access-list NO-NAT-DMZ
access-list NO-NAT-DMZ line 1 remark Allow traffic from SFTP server to Corp-Server
access-list NO-NAT-DMZ line 2 extended permit ip host 198.d.e.25 host 192.168.x.x
There are no access-group rules applied to the INSIDE or DMZ interfaces.
What is missing, or misconfigured? Your input is greatly appreciated.