Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

FTP Access


I am having problems with allowing access to my FTP site. I have had it working in the past, but tried to make some changes to my router over the weekend and was forced to reset the configuration and start over. I saved my previous configuration and put it back in in what I thought was line for line, but now my FTP site can't be accessed from outside my LAN. Could someone please look at my attached configuration and tell me what I am doing wrong?

Hall of Fame Super Silver

Re: FTP Access


I have looked at what you configured and have these observations and questions:

- you have configured:

ip port-map ftp port tcp from 20 to 21 list 2 description FMG FTP

I do not understand why this command is there since it does not seem to change from the system defined defaults. But since it is there there are several issues with it. After the keyword "port" there should be a port number but there is not. Also the keyword "list" indicates that there is a standard access list identifying the host(s) to which the map applies. You indicate list 2 but there is no list 2. If you keep the command then you need to configure access-list 2.

also the documentation indicates that the port-map is intended for use with CBAC but I do not see any indication that CBAC is being used. I suggest that you remove the port-map command and see if things improve.

- I also wonder about this:

ip nat inside source static udp 192.168.x.x 21 interface FastEthernet4 21

I can understand a translation of tcp port 21 but why translate udp port 21. I also wonder if you are doing static translation of tcp port 21 if you should do a static translation of tcp port 20 also.



New Member

Re: FTP Access

Allright I have made the changes that you have suggested and still no go. I am very confused now and am wondering if there is something that need to be enabled to allow static nat translations. Is there some way to troubleshoot this that will help. I am posting my configuration again to see if anyone can help please.