We have ASA5510/20 running in NAT/routed mode. We received a request to open ports for an internal server to make FTPS connections to outside servers. The internal server initiates the connection. The external vendor asked us to open 9021 (FTP ctrl) & 20000-20099 (PASV/EPASV) for their IPs. A long time back, while I was testing FTPS via PIX, I ran into some data transfer issues. Never got a chance to check on it later. The ASAs are running 7.2 (4) and 7.1 (2), using one-to-one NAT for servers. Does this still pose encryption issues for FTPS, or should we not expect any issues with FTPS connectivity (with the above said ports opened)?
1. You are using one-to-one NAT with FTP exposed to the outside; this should not be a problem if the application is running on the ports defined by the server admin team.
2. To get an inside view you can monitor sample FTP sessions and check for any dropping of packets. If you still face problems, ask the server team to carry out a sample FTP from the inside network. If it is successful, then it should be successful from outside as well.
3. Sometimes, even on servers, some policies maintained either by the antivirus or the FTP application need to be checked; you need visibility into those beyond network access control.
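An ASA 7.x configuration for the scenario in the question, added here as an illustration and not taken from the thread itself. The addresses, interface names and ACL name are assumed: 10.1.1.10 is the internal server, 203.0.113.10 its one-to-one static on the outside, and 198.51.100.20 the vendor's FTPS server.

```text
! One-to-one static NAT for the internal server (pre-8.3 syntax, as on 7.1/7.2)
static (inside,outside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255

! Outbound entries on the inside interface. These are only required if an ACL is
! already applied inbound on "inside"; with no ACL there, inside->outside traffic
! is already permitted by the interface security levels and the return traffic
! of each connection is allowed by the stateful connection table.
access-list inside_out extended permit tcp host 10.1.1.10 host 198.51.100.20 eq 9021
access-list inside_out extended permit tcp host 10.1.1.10 host 198.51.100.20 range 20000 20099
access-group inside_out in interface inside

! Do NOT add TCP/9021 to the FTP inspection class. With FTPS the control channel
! is TLS-encrypted, so "inspect ftp" cannot read the 227/229 PASV/EPSV replies and
! cannot open data-channel pinholes; a "strict" inspection would also see an
! opaque stream and may drop it. That is exactly why the vendor publishes a fixed
! passive range (20000-20099) that must be permitted explicitly. The default
! class (inspection_default / match default-inspection-traffic) only covers
! TCP/21, so 9021 is left alone unless you add it yourself.

! Verification during a transfer (addresses assumed; 20050 is any port in the range):
! packet-tracer input inside tcp 10.1.1.10 40000 198.51.100.20 20050
! show conn address 10.1.1.10
```

Because the server initiates both the control connection (9021) and every passive data connection (20000-20099), the one-to-one static only rewrites the source address and the IP inside the vendor's PASV reply is the vendor's own public address, so the NAT itself does not break the transfer. The earlier PIX problem would be expected whenever FTP inspection is applied to an encrypted control channel; keeping 9021 out of the inspection policy and opening the vendor's passive range avoids it.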