Cisco Support Community
Community Member

FTP to a non standard port while using NAT

This may be a little lengthy, but hopefully someone can point me in the right direction. Scenario: I am located at a facility that has a point-to-point frame relay line into a customer site with an FTP server that I need access to. I actually target a registered address that is then NATed to the customer's FTP server at my 2524 that is onsite at the customer location. That router is currently running version c2500-is-l.121-15. The customer has requested that we use the non-standard port 2021 for all FTPs targeting their server. I have configured the 2524 with the ip nat service list 10 ftp tcp port 2021, and created an acl 10 permit statement for the customer's actual internal IP address configured on their FTP server. Connectivity to the server isn't the issue. I can actually log onto the FTP server and enter pasv mode, and as soon as I issue a stor command the connection with the server times out. I have also ensured that all NAT translations are happening. In my firewall here I see the correct source and destination NATed addresses. I'm thinking that my 2524 that is onsite at the customer's location is performing the NAT translation but appears to be ignoring the payload of the FTP packets. Does anyone have any advice?

5 REPLIES

Re: FTP to a non standard port while using NAT

The catch here....I think is the following....

You enabled the NAT router to check the payload of the FTP packets coming in at port 2021, using the "ip nat service" command. But the NAT router will stop checking FTP packets, which are control packets (when you issue commands) which are still using port 21.

So if the control connections are still running on 21, while data is running over 20..... you should be configuring two commands as follows.

ip nat service list 10 ftp tcp port 21

ip nat service list 10 ftp tcp port 2021

Re: FTP to a non standard port while using NAT

"So if the control connections are still running on 21, while data is running over 20..... you should be configuring two commands as follows"

In my previous post, make 2021 instead of 20.

Apologies for the typo.

Community Member

Re: FTP to a non standard port while using NAT

Thanks for the quick response, I will give it a try. Also, the ACL that I configured that the ip nat service command references: should that ACL reflect the actual customer internal address of the FTP server, or should I configure it so that the ACL reflects the registered address that we are targeting to get to the FTP server? Thanks again.

Re: FTP to a non standard port while using NAT

It should be matching the actual internal ip address of the ftp server.

Silver

Re: FTP to a non standard port while using NAT

Are you allowed to use your FTP server in active mode? If yes, can you try some commands in active mode and see if the connection times out?
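The payload problem the original poster suspects, as an added example that is not part of any post in this thread: a small Python model of a NAT device that rewrites the address inside a 227 passive-mode reply only when the control port is one it inspects. The addresses, the set of inspected ports and all function names are constructed for illustration and do not reproduce IOS internals.

```python
import re

# Constructed values for illustration (not from the thread).
INSIDE_LOCAL = "192.168.10.5"    # FTP server's real internal address
INSIDE_GLOBAL = "203.0.113.10"   # registered address the client targets

# h1,h2,h3,h4,p1,p2 as carried in a 227 reply or a PORT command
HOSTPORT = re.compile(r"\d{1,3}(?:,\d{1,3}){5}")

def parse_hostport(line):
    """Return (ip, port) advertised in a 227 reply or PORT command, else None."""
    if not line.startswith(("227 ", "PORT ")):
        return None
    m = HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.group().split(",")]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def nat_control_line(line, control_port, inspected_ports):
    """Model one server-to-client control line crossing the NAT device.

    The IP header is translated either way; the address embedded in the
    payload is rewritten only if control_port is in inspected_ports.
    """
    parsed = parse_hostport(line)
    if control_port not in inspected_ports or not parsed or parsed[0] != INSIDE_LOCAL:
        return line
    port = parsed[1]
    fields = INSIDE_GLOBAL.split(".") + [str(port >> 8), str(port & 0xFF)]
    return HOSTPORT.sub(",".join(fields), line, count=1)

def leaks_inside_address(line):
    """True if the line still advertises the untranslated internal address."""
    parsed = parse_hostport(line)
    return parsed is not None and parsed[0] == INSIDE_LOCAL

if __name__ == "__main__":
    reply = "227 Entering Passive Mode (192,168,10,5,195,80)"  # constructed
    for ports in ({21}, {21, 2021}):
        seen = nat_control_line(reply, 2021, ports)
        print(sorted(ports), seen, "leak" if leaks_inside_address(seen) else "ok")
```

When the reply passes through unmodified, the client is told to open its data connection to an address it cannot route to, which matches a transfer that stalls right after the login and PASV succeed.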
