I need assistance getting FTP inspection to work with NAT. NAT is working, but not with FTP inspection. When the client issues the PASV command, the server reply contains the original (not NAT'd) IP address. For example, this is what the client sees:
-> PASV
<- 227 Entering Passive Mode (192,168,200,114,7,175)
192.168.200.114 is the server's real IP. I want it to show the NAT'd IP, which is 10.16.20.114.
=== RELEVANT CONFIG ===
access-list NAT line 10 extended permit ip 192.168.200.0 255.255.255.0 any
class-map match-any NAT_CLASS
  3 match access-list NAT
class-map match-any FTP_TRAFFIC
  2 match port tcp eq ftp
policy-map multi-match multimatch_dmz.pm
  class NAT_CLASS
    nat static 10.16.22.0 netmask 255.255.255.0 vlan 100
  class FTP_TRAFFIC
    inspect ftp
interface vlan 36
  ip address 192.168.200.2 255.255.255.0
  alias 192.168.200.1 255.255.255.0
  peer ip address 192.168.200.3 255.255.255.0
  service-policy input management_vl36
  service-policy input multimatch_dmz.pm
  no shutdown
=== END ===
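
Added example, not part of the original post: a small Python check that decodes the 227 reply quoted above, flags a reply whose data address differs from the address the client used for the control connection, and shows the rewrite an FTP-aware static NAT is expected to perform on that reply. The function names are hypothetical, and the mapped network 10.16.20.0/24 is an assumption derived from the 10.16.20.114 address the post asks for.

```python
import ipaddress
import re

# RFC 959 passive reply: 227 <text> (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Reply quoted in the post above.
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,200,114,7,175)"


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    port = fields[4] * 256 + fields[5]  # p1 is the high byte, p2 the low byte
    return host, port


def leaks_real_address(reply, control_ip):
    """True when the data address is not the one the control channel uses."""
    host, _ = parse_pasv(reply)
    return host != ipaddress.IPv4Address(control_ip)


def rewrite_pasv(reply, real_net, mapped_net):
    """Swap the network prefix of the advertised host, keeping host bits and port.

    Models the payload fixup expected from a static network-to-network NAT.
    The reply text is normalised to 'Entering Passive Mode'.
    """
    real = ipaddress.IPv4Network(real_net)
    mapped = ipaddress.IPv4Network(mapped_net)
    if real.prefixlen != mapped.prefixlen:
        raise ValueError("static NAT networks must have the same prefix length")
    host, port = parse_pasv(reply)
    if host not in real:
        return reply  # address is outside the translated range, leave untouched
    offset = int(host) - int(real.network_address)
    new_host = ipaddress.IPv4Address(int(mapped.network_address) + offset)
    return "227 Entering Passive Mode (%s,%d,%d)" % (
        str(new_host).replace(".", ","), port >> 8, port & 0xFF)
```

Running `leaks_real_address` against replies captured on the client side before and after a configuration change shows whether the inspection engine is actually rewriting the FTP payload.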