We had an ASA 5510 as a firewall in our environment, and there is a requirement to access an ftps server from our location. Currently from the server location they configured everything by allowing our public ip to their server and gave the following details to access ftp.
Server address for accessing ftp > ftp://ftp.<server address>.com
FTPS Access from port 990 (Implicit)
User ID: <user id>
Please suggest which traffic needs to be allowed in our ASA to access the ftp server address as mentioned above. From my initial analysis, it's found that 989 port is also enabled for the access, but that was not mentioned by them.
Any advice or suggestions regarding this is highly appreciable.
Client on the inside and server on the outside, Server on Passive mode.
Same thing, client initiates the connection on port 990/22, the server agrees and waits for the client to set the port command. Client initiates the connection to the outside world in that n+1 port to the server and everything is going to work fine.
This may sound a little bit complicated, what you need to understand is that the firewall cannot open the Data channel because the Control channel is encrypted. Make sure that the data channel is seeing by the firewall as a regular connection.
Do rate all the helpful posts
Looking for some Networking Assistance?
Contact me directly at email@example.com
I will fix your problem ASAP.
Julio Carvajal Segura
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...