New Member

ftp blocked on asa 8.3

Upgrading from PIX 7.2 to ASA 8.3.

FTP connects outside, asks for user\pwd and logs in successfully.

From this point on, if I try to do anything (which is passive mode), the connection hangs and I get a deny for the connection in the ASA log.

FTP passive mode is on.

Any ideas?

Accepted Solutions
Cisco Employee

Re: ftp blocked on asa 8.3

Hello,

You should configure FTP inspection unless you are manually opening the data channel ports via an ACL. The inspection will dynamically open these ports for the duration of the FTP connection. Give these commands a try:

policy-map global_policy
 class inspection_default
  inspect ftp
service-policy global_policy global

Hope that helps.

-Mike
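
The behaviour described in the answer above, as an added example that is not part of the original post and not Cisco's implementation: a simplified Python model of a stateful filter that reads the server's 227/229 replies on the control channel and opens a matching data-channel pinhole only when FTP inspection is enabled. The class and function names, the addresses and the sample replies are constructed for illustration.

```python
import re

PASV = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV = re.compile(r"^229 .*\(\|\|\|(\d+)\|\)")

def data_endpoint(reply, server_ip):
    """Return the (ip, port) a 227/229 reply announces, else None."""
    m = PASV.match(reply)
    if m:
        n = [int(x) for x in m.groups()]
        if max(n) > 255:
            return None                      # malformed octet
        return ".".join(map(str, n[:4])), n[4] * 256 + n[5]
    m = EPSV.match(reply)
    if m and 0 < int(m.group(1)) < 65536:
        return server_ip, int(m.group(1))    # EPSV reuses the control-channel address
    return None

class ToyFirewall:
    """Static rule permits only tcp/21 to the server; anything else needs a pinhole."""
    def __init__(self, server_ip, inspect_ftp):
        self.server_ip, self.inspect_ftp = server_ip, inspect_ftp
        self.pinholes = set()                # {(client_ip, server_ip, port)}

    def control_reply(self, client_ip, reply):
        ep = data_endpoint(reply, self.server_ip) if self.inspect_ftp else None
        if ep and ep[0] == self.server_ip:   # model choice: ignore third-party addresses
            self.pinholes.add((client_ip, *ep))

    def control_closed(self, client_ip):
        # Pinholes live only as long as the control connection that created them.
        self.pinholes = {p for p in self.pinholes if p[0] != client_ip}

    def permits(self, client_ip, dst_ip, dst_port):
        if (dst_ip, dst_port) == (self.server_ip, 21):
            return True
        return (client_ip, dst_ip, dst_port) in self.pinholes

# Constructed sample session (documentation address ranges).
CLIENT, SERVER = "198.51.100.7", "192.0.2.10"
REPLIES = ["230 Login successful.",
           "227 Entering Passive Mode (192,0,2,10,195,81)."]

def data_channel_allowed(inspect_ftp):
    fw = ToyFirewall(SERVER, inspect_ftp)
    for line in REPLIES:
        fw.control_reply(CLIENT, line)
    return fw.permits(CLIENT, SERVER, 195 * 256 + 81)

if __name__ == "__main__":
    print("without inspection:", data_channel_allowed(False))
    print("with inspection:   ", data_channel_allowed(True))
```

Without inspection the login on tcp/21 succeeds but the passive data connection is denied, which matches the symptom in the question.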

3 REPLIES

Re: ftp blocked on asa 8.3

Hi,

There are no NAT or ACL problems if you're logging in successfully to the FTP.

Are you inspecting FTP traffic?

sh run policy-map

Federico.

New Member

Re: ftp blocked on asa 8.3

The only policy-map is:

policy-map type inspect dns preset_dns_map

Do I have to configure inspect ftp? I didn't have it on my old PIX.
