Allowing FTP through firewall to internal ftp server.

Unanswered Question
Sep 19th, 2016

Hey all, I have been trying to figure this out today, I have not gotten any further, I am a complete newbie to using the ASA firewall.


On one of our virtual servers in the company, I have set up an FTP server with ISS. I can access it by going through ftp://internal-ip-of-the-server.


I am trying to set up the firewall to allow outside connections to access the FTP server on the virtual server, but without luck. Every time I come across a question and an answer on this site (and I have been through a lot), there are long config files that I have no idea what to do with.


I am connecting to the firewall with ASDM.

ASA Version 9.1(2)

ASDM Version 7.1(3)

Device Type ASA 5515


I followed this guide, but I still cannot access the FTP server.

http://www.petenetlive.com/KB/Article/0000772


Again very sorry for my noobish question, I am, as I mentioned, VERY new to this.


Thank you so much for your answers in advance, any help is greatly appreciated.

Luke Oxley Mon, 09/19/2016 - 08:12
@Emil Hz,

Thanks for your post - not to worry, the ASA is a complicated piece of equipment. I will get this sorted for you.
What you need to achieve public access to your internal FTP server is a NAT statement and an access control list permitting the traffic. Potentially as little as two lines of configuration, that easy.
I would recommend that you revert any changes you've made on the ASA thus far so we can start afresh. Please let me know what version of ASA your appliance is running, the IP address of the internal FTP server and post a sanitised configuration up. I'll write up and tailor the needed commands to your environment and explain them in detail for you.
I look forward to hearing back.

Kind regards,
Luke


Please rate helpful posts and mark correct answers.
Emil Hz Tue, 09/20/2016 - 03:49

Hello Luke, thank you so much for taking your time to help me, it is greatly appreciated.


I have reverted the changes I made following the guide, however there are still a lot of user-made configurations on the firewall, from the previous IT guy.


The ASA is version 9.1(2), or that's what it says in the ASDM.


The IP of the internal FTP server is 192.168.15.5, the firewall is at 192.168.15.1.

I would like to post the config file, but I can't for the life of me figure out how to locate it.

Again thank you so much for wanting to help me, I spent way too much time yesterday trying to make it work.

Best

Luke Oxley Wed, 09/21/2016 - 22:38
Hey @Emil Hz,

Apologies for the late response. It's my pleasure in helping you. To get the configuration file, you'll need to SSH to the ASA, log in and then enter privileged exec mode, otherwise known as enable. At the CLI prompt, run the command "show run", then copy and paste the output that it prints into this forum. Please be sure to omit any passwords or other sensitive data.
This will give me a full view of how your environment hangs together. I will be able to write the correct configuration you need to get this working for you.
I look forward to hearing back.

Kind regards,
Luke


Emil Hz Thu, 10/20/2016 - 04:36

Hello Luke, again thanks for wanting to help me, I am now back in the office.


I couldn't access the ASA through SSH, but I went into the ASDM>Tools>Command Line Interface and ran the 'show run' command.


Here is the result, I have omitted encrypted passwords and IP addresses.


Result of the command: "show run";



Will I need to add something to the config? Or can I run commands to add something through the command line?


Best

Emil Hz Tue, 09/20/2016 - 06:30

In addition to the other post, I have referred to the ports 5000-5100 in the ISS for passive connections from the  external firewall.
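
The NAT statement and access list described earlier in the thread, written out for ASA 9.1(2) as an added example that is not part of any post here. The interface names `inside` and `outside`, the object name `FTP-SERVER` and the ACL name `OUTSIDE_IN` are assumptions, as is an unmodified default `global_policy`; the server address is the one given in the thread.

```cisco
! Added example, not configuration taken from the thread.
! Assumed names: interfaces "inside"/"outside", object FTP-SERVER, ACL OUTSIDE_IN.

! 1. Object NAT: forward TCP/21 arriving on the outside interface address
!    to the internal server (192.168.15.5, as stated in the thread).
object network FTP-SERVER
 host 192.168.15.5
 nat (inside,outside) static interface service tcp ftp ftp

! 2. Access list: on ASA 8.3 and later the rule references the real
!    (internal) address, not the translated one. Replace "any" with a
!    source network to narrow who may connect.
access-list OUTSIDE_IN extended permit tcp any object FTP-SERVER eq ftp

! 3. Bind the ACL inbound on the outside interface. Only one ACL can be
!    bound per interface and direction: run "show run access-group" first,
!    and if an ACL is already bound to outside, add the permit line from
!    step 2 to that ACL instead of issuing this command.
access-group OUTSIDE_IN in interface outside

! 4. FTP inspection: the ASA reads the control channel, opens the
!    negotiated data connection dynamically (including the passive range
!    5000-5100 mentioned in the thread) and rewrites the address in the
!    PASV reply. This works only while the control channel is unencrypted.
policy-map global_policy
 class inspection_default
  inspect ftp

! 5. Checks. 203.0.113.10 is a constructed documentation address standing
!    in for an outside client; <outside-interface-ip> is a placeholder.
show nat detail
show access-list OUTSIDE_IN
show service-policy inspect ftp
packet-tracer input outside tcp 203.0.113.10 50000 <outside-interface-ip> 21
```

In the `packet-tracer` output, the UN-NAT phase should show the translation to 192.168.15.5 and the final result should be `Action: allow`; a drop names the phase (ACL or NAT) that rejected the packet.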

vesiclife1 Thu, 11/10/2016 - 15:49

Hi Luke. 

I am running an ASA 5505 V8.2 

I need to allow FTP access to my FTP in the DMZ from the outside network.
