
FTP to a non standard port while using NAT

jkl1972
Level 4

This may be a little lengthy, but hopefully someone can point me in the right direction. Scenario: I am located at a facility that has a point-to-point frame relay line into a customer site with an FTP server that I need access to. I actually target a registered address that is then NATed to the customer's FTP server at my 2524 that is onsite at the customer location. That router is currently running version c2500-is-l.121-15. The customer has requested that we use the non-standard port 2021 for all FTPs targeting their server. I have configured the 2524 with the ip nat service list 10 ftp tcp port 2021, and created an acl 10 permit statement for the customer's actual internal IP address configured on their FTP server. Connectivity to the server isn't the issue. I can actually log onto the FTP server, enter pasv mode, and as soon as I issue a stor command the connection with the server times out. I have also ensured that all NAT translations are happening. In my firewall here I see the correct source and destination NATed addresses. I'm thinking that my 2524 that is onsite at the customer's location is performing the NAT translation but appears to be ignoring the payload of the FTP packets. Does anyone have any advice?

5 Replies

thisisshanky
Level 11

The catch here....I think is the following....

You enabled the NAT router to check the payload of the FTP packets coming in at port 2021 using the "ip nat service" command. But the NAT router will stop checking FTP packets, which are control packets (when you issue commands), which are still using port 21.

So if the control connections are still running on 21, while data is running over 20..... you should be configuring two commands as follows.

ip nat service list 10 ftp tcp port 21

ip nat service list 10 ftp tcp port 2021

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

"So if the control connections are still running on 21, while data is running over 20..... you should be configuring two commands as follows"

In my previous post, make 2021 instead of 20.

Apologies for the typo.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Thanks for the quick response, I will give it a try. Also, the ACL that I configured that the ip nat service command references: should that ACL reflect the actual customer internal address of the FTP server, or should I configure it so that the ACL reflects the registered address that we are targeting to get to the FTP server? Thanks again.

It should be matching the actual internal IP address of the FTP server.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

anup.anand
Level 5

Are you allowed to use your FTP server in active mode? If yes, can you try some commands in active mode and see if the connection times out?
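A way to confirm from a client-side capture whether the NAT router is rewriting the FTP payload, as the original poster suspects it is not (added example, not part of the thread): it parses the address carried in a 227 passive reply or a PORT command and compares it with the address the control connection uses. The function names, the sample session and all addresses are constructed for illustration; for a PORT command, pass the client address as the server sees it.

```python
import ipaddress
import re

# RFC 1918 ranges: an address from these inside the FTP payload was not translated.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# h1,h2,h3,h4,p1,p2 tuple used by both the 227 reply and the PORT command (RFC 959).
HOST_PORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_endpoint(line):
    """Return (ip_string, port) from a 227 reply or PORT command, else None."""
    text = line.strip()
    if not (text.startswith("227") or text.upper().startswith("PORT ")):
        return None
    match = HOST_PORT.search(text)
    if match is None:
        return None
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def check_rewrite(line, control_peer):
    """Classify the embedded address against the address the control connection uses."""
    endpoint = parse_endpoint(line)
    if endpoint is None:
        return "no-endpoint"
    embedded = ipaddress.ip_address(endpoint[0])
    if embedded == ipaddress.ip_address(control_peer):
        return "ok"
    if any(embedded in net for net in RFC1918):
        return "not-rewritten-rfc1918"
    return "mismatch"

# Constructed sample: client-side capture of a control session to a NATed server.
REGISTERED = "203.0.113.10"   # constructed registered (outside) address
SESSION = [
    "230 Login successful.",
    "227 Entering Passive Mode (10,1,1,5,195,80)",   # constructed inside address leaked
]

def audit(lines, control_peer):
    """Return (line, verdict) for every line that carries a data-channel endpoint."""
    results = [(l, check_rewrite(l, control_peer)) for l in lines]
    return [(l, v) for l, v in results if v != "no-endpoint"]

if __name__ == "__main__":
    for line, verdict in audit(SESSION, REGISTERED):
        print(verdict, "<-", line)
```

A verdict of not-rewritten-rfc1918 on the 227 line means the client is being told to open its data connection to the server's inside address, which matches a session that logs in fine and then times out on the first transfer.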
