Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
558
Views
0
Helpful
1
Replies

ASA5505 Configure FTP on differnt port, ex. 58158

admin_2
Level 3
Level 3

‎10-21-2009 01:46 AM - edited ‎03-11-2019 09:28 AM

Hi!

I'm trying to configure ASA 5505 to pass FTP connection to Win2003 IIS FTP server on port 58158.

Works fine with port 21 but not any other port.

I get : 227 Entering Passive mMode (192.168.1.10,142,158)

The server sent a passive answer with a non routable address.

This IP is the internal server address.

When I use port 21 the IP address above is the external address ocf the router and everything works fine.

Using static NAT rule Interface inside, server IP address. Translated Interface outside, use Interface IP address.

Enablr Port Address Translation, TCP port 21 to 21 (or 58158 to 58158)

Any idea?

Labels:
0 Helpful
1 Reply 1

Herbert Baerten
Cisco Employee
Cisco Employee

‎10-21-2009 06:49 AM

You'll have to configure FTP inspection for this port, e.g.:

class-map class-ftp

match port tcp eq 58158

policy-map global_policy

class class-ftp

inspect ftp

service-policy global_policy global

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card