Hi Rick, thank you for your reply.

I don't have tunneling configured. I have a frame relay link between an external router (in network 192.168.10.X) and the Cisco 1720, these one is connecting to network 10.1.1.0 through a firewall with an ip 192.168.4.5.

The FTP server is in network 10.1.1.X ((the FTP server is 10.1.1.138)

The configuration is as follows:

ROUTER_1720#sh run

Building configuration...

Current configuration : 1617 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname ROUTER_1720

!

memory-size iomem 25

ip subnet-zero

!

ip audit notify log

ip audit po max-events 100

!

!

!

interface FastEthernet0

ip address 192.168.4.6 255.255.255.252

ip nat inside

speed auto

!

interface Serial0

no ip address

encapsulation frame-relay

no fair-queue

frame-relay traffic-shaping

frame-relay lmi-type ansi

!

interface Serial0.1 point-to-point

description CANAL_A

ip address 192.168.35.26 255.255.255.252

ip nat outside

frame-relay interface-dlci 496

class 256K

!

!

ip nat inside source static 10.1.1.138 192.168.116.179

ip classless

ip route 10.1.1.0 255.255.255.0 192.168.4.5

ip route 192.168.10.0 255.255.255.0 192.168.35.25

no ip http server

!

!

!

map-class frame-relay 256K

no frame-relay adaptive-shaping

frame-relay cir 256000

frame-relay bc 256000

frame-relay be 0

frame-relay mincir 256000

!

!

line con 0

login

line aux 0

line vty 0 4

login

!

no scheduler allocate

end

ROUTER_1720#

William

Thanks for posting the router config. There are a couple of things about it that I would like to ask about:

- perhaps you could explain the topology. your comments indicate that the connection through FastEthernet0 is through a firewall. And apparently the inside network is through the firewall? and the Frame Relay interface leads to the outside? So who is attempting to access the FTP server? what interface does that traffic arrive on?

- I am surprised that there is no dynamic routing protocol and only 2 static routes. There is a route to 10.0.0.0 through the inside and a route to 192.168.10.0 through the outside. And there are no other routes.

- which leads to one of the problems. You are translating the address of the FTP server into 192.168.116.179 but there is no routing information about how to get to 192.168.116. So this would be the first problem about why you can not access the FTP server.

HTH

Rick

Hi Rick, sorry for my simple description. I'm attaching a diagram i hope it helps you to understand the topology. It's a very simple topology. There is not a routing protocol because it's basically a point-to-point connection.

Router B, in the diagram is the firewall i described before, but this firewall, in this case, is just routing network 10.1.1.x and network 192.168.4.x

A host in network 192.168.10.x is able to do a ping to NATed server 192.168.116.179 (which real address is 10.1.1.138), but, when it try to open a FTP connection just appear the "welcome screen" but it doesn't permit to enter the user and password.

some people told me that it's because i have to configure the tcp adjust mss, but i think it's a problem with the FTP server.

so, do you think i have to configure de tcp adjust mss?

Thanks a lot for your interest Rick. I have resolved the problem.

It's not necessary to modify the size of packets with TCP MSS ADJUST.

Problem was in FTP server and some security rules.

Thank you

William

Thank you for posting back indicating that you have resolved the problem and what the problem was. It makes the forum more useful when people can read about a problem and can read what the problem was.

HTH

Rick