Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

basic Nat rule (newbie)

Hi all,

I am a newbie for cisco pics and I wanted to add abasic NAT rule to my firewall to allow and redirect FTP requests from internet to one of my public adresses

194.250.0.50 to an internal computer 190.100.100.102.

using the web interface I added one nat rule:

static (outside,inside) 190.100.100.102 194.250.0.50 netmask 255.255.255.255 0 0

and allow incoming ftp requests:

access-list outside_access_in permit tcp host 190.100.100.102 eq ftp host 194.50.0.0 eq ftp

proxy arp is enabled

but when trying to connect from outside to 194.250.0.50 is denied

here is what I got in the log:

106023:Deny tcp src 195.115.153.23x/xxxx dst inside:ftpexternal/21 by access-group "outside_access_in"

ftpexternal stands for 194.250.0.50

Look's like my rule is not correct .

Can any one help me on the matter ?

5 REPLIES
New Member

Re: basic Nat rule (newbie)

Looks to me like your ACL is wrong - is should be:

access-list outside_access_in permit tcp host 195.115.153.23x host 194.250.0.50 eq ftp

That's assuming that you only want access from that one external host - you can have any host or network in there.

You don't need an ACL from 190.100.100.102 to 194.250 (in any case your ACL was referencing 194.50.0.0).

New Member

Re: basic Nat rule (newbie)

Thank's

I just want any network being able to connect to 194.250.0.50 using ftp .

New Member

Re: basic Nat rule (newbie)

So then:

access-list outside_access_in permit tcp any host 194.250.0.50 eq ftp

New Member

Re: basic Nat rule (newbie)

Also I think you have the static rule the wrong way round:

static (inside,outside) 194.250.0.50 190.100.100.102 netmask 255.255.255.255

At least that is how we do it here.

New Member

Re: basic Nat rule (newbie)

thank's it is working

thank's lot again

116
Views
0
Helpful
5
Replies