12-20-2007 08:22 AM - edited 03-12-2019 05:53 PM
Hello all,
I am having dificulties migrating from a PIX to an ASA 5520 8.0(3).
I have the nat translations of the DMZs servers and the access list in the outside interface as see below:
access-list outside_access_in extended permit tcp any host FTP range ftp-data ftp
static (DMZ,outside) x.y.z.a FTP netmask 255.255.255.255
But when i try to connect to the outside natted address, the log says that the connection is denied due to the access list.
when I try a sh nat DMZ FTP, it says:
match ip DMZ host FTP outside any
static translation to x.y.z.a
translate_hits = 0, untranslate_hits = 52
It seems it is not being translated
Any ideas?
Solved! Go to Solution.
12-20-2007 08:25 AM
access-list outside_access_in extended permit tcp any host FTP range ftp-data ftp
should be...
access-list outside_access_in extended permit tcp any host x.y.z.a range ftp-data ftp
12-20-2007 08:25 AM
access-list outside_access_in extended permit tcp any host FTP range ftp-data ftp
should be...
access-list outside_access_in extended permit tcp any host x.y.z.a range ftp-data ftp
12-21-2007 02:02 AM
Then, my question is, does the ASA work in a different way than the PIX regarding access-list?
I mean, does pix do first nat and later control and asa vice versa?
BR
12-21-2007 06:10 AM
No, they work the same way.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: