Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Problems with ASA 5520

Hello all,

I am having dificulties migrating from a PIX to an ASA 5520 8.0(3).

I have the nat translations of the DMZs servers and the access list in the outside interface as see below:

access-list outside_access_in extended permit tcp any host FTP range ftp-data ftp

static (DMZ,outside) x.y.z.a FTP netmask 255.255.255.255

But when i try to connect to the outside natted address, the log says that the connection is denied due to the access list.

when I try a sh nat DMZ FTP, it says:

match ip DMZ host FTP outside any

static translation to x.y.z.a

translate_hits = 0, untranslate_hits = 52

It seems it is not being translated

Any ideas?

  • Firewalling
1 ACCEPTED SOLUTION

Accepted Solutions
Green

Re: Problems with ASA 5520

access-list outside_access_in extended permit tcp any host FTP range ftp-data ftp

should be...

access-list outside_access_in extended permit tcp any host x.y.z.a range ftp-data ftp

3 REPLIES
Green

Re: Problems with ASA 5520

access-list outside_access_in extended permit tcp any host FTP range ftp-data ftp

should be...

access-list outside_access_in extended permit tcp any host x.y.z.a range ftp-data ftp

New Member

Re: Problems with ASA 5520

Then, my question is, does the ASA work in a different way than the PIX regarding access-list?

I mean, does pix do first nat and later control and asa vice versa?

BR

Green

Re: Problems with ASA 5520

No, they work the same way.

107
Views
0
Helpful
3
Replies
This widget could not be displayed.