Cisco Support Community
New Member

Could not Access the FTP server from the outside interface (ASA 5510)

Dear All,

I am setting up a test environment with the following configuration. Although I have created the ACL and also enabled the port redirection, I am still not able to access the FTP server from the outside.

ASA Version 7.0(6)

!

hostname ACN-GW

domain-name anc.com

names

dns-guard

!

interface Ethernet0/0

nameif outside

security-level 0

ip address 172.16.10.1 255.255.255.0

!

interface Ethernet0/1

nameif inside

security-level 100

ip address 192.168.100.1 255.255.255.0

!

interface Ethernet0/2

nameif Student

security-level 50

ip address 192.168.101.1 255.255.255.0

!

nameif management

security-level 0

ip address 192.168.200.1 255.255.255.0

management-only

!

ftp mode passive

access-list acl_inbound extended permit tcp any host 172.16.10,1 eq ftp

access-list acl_inbound extended permit tcp any host 172.16.10.1 eq ftp-data

!

tcp-map map

!

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

nat (Student) 1 0.0.0.0 0.0.0.0

static (inside,outside) tcp 172.16.10.1 ftp 192.168.100.2 ftp netmask 255.255.255.255

static (inside,outside) tcp 172.16.10.1 ftp-data 192.168.100.2 ftp-data netmask 255.255.255.255

access-group acl_inbound in interface outside

route outside 0.0.0.0 0.0.0.0 172.16.10.2

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect h323 h225

inspect h323 ras

inspect netbios

inspect rsh

inspect rtsp

inspect skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

inspect ftp

!

service-policy global_policy global

: end

Kindly advise: did I miss something in the configuration?

JC

2 REPLIES
New Member

Re: Could not Access the FTP server from the outside interface (

instead of

access-list acl_inbound extended permit tcp any host 172.16.10,1 eq ftp

it should read

access-list acl_inbound extended permit tcp any any eq ftp
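An added example, not part of the original thread or of any Cisco tooling: a small Python check that reads the ACL, static PAT and access-group lines from the configuration posted above and reports published ports with no usable permit entry, including the malformed `172.16.10,1` address. The function names and the limited set of line formats it understands are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the configuration posted in this thread.
SAMPLE_CONFIG = """\
access-list acl_inbound extended permit tcp any host 172.16.10,1 eq ftp
access-list acl_inbound extended permit tcp any host 172.16.10.1 eq ftp-data
static (inside,outside) tcp 172.16.10.1 ftp 192.168.100.2 ftp netmask 255.255.255.255
static (inside,outside) tcp 172.16.10.1 ftp-data 192.168.100.2 ftp-data netmask 255.255.255.255
access-group acl_inbound in interface outside
"""

# Only the line shapes seen on this page are parsed (assumption for the example).
ACE = re.compile(r"^access-list (\S+) extended permit tcp any (any|host (\S+)) eq (\S+)$")
PAT = re.compile(r"^static \((\w+),(\w+)\) tcp (\S+) (\S+) (\S+) (\S+)")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)$")


def valid_ipv4(text):
    """True if text is a well-formed dotted-quad IPv4 address."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def audit(config):
    """Return findings for static PAT entries the inbound ACL does not permit."""
    aces, pats, bound, findings = [], [], {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := ACE.match(line):
            acl, _dst, host, port = m.groups()
            if host and not valid_ipv4(host):
                findings.append(f"malformed address {host!r} in: {line}")
                continue
            aces.append((acl, host, port))  # host is None for "any"
        elif m := PAT.match(line):
            pats.append((m.group(2), m.group(3), m.group(4)))  # mapped if, ip, port
        elif m := GROUP.match(line):
            bound[m.group(2)] = m.group(1)
    # Assumes pre-8.3 behaviour (as in the posted 7.0(6) config): the interface
    # ACL is matched against the mapped address, not the real inside address.
    for ifname, mapped_ip, port in pats:
        acl = bound.get(ifname)
        if not any(a == acl and h in (None, mapped_ip) and p == port for a, h, p in aces):
            findings.append(f"no permit for {mapped_ip} {port} in ACL bound to {ifname}")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns two findings: the malformed address, and the published `ftp` port that is left without a matching permit as a result.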

New Member

Re: Could not Access the FTP server from the outside interface (

Hi JC,

I have exactly the same issue as you. I also started a conversation: http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddff247

I don't have the answer right now. Did you find out how to make it work?

Thanks

Ben
