Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

FTP active, HSRP and NAT

Hello:

I have a problem with FTP in active mode, I´m trying to connect to the FTP server in an outside network.

Connectivity in my inside network to the outside network is with two routers using HSRP for backup and NAT static because we have to deliver one public address. I have one ethernet interface from each router to the outside network with hsrp; I have two more serial ports in each router 3620, one to differents sites in my network and one to connect them back to back for backup.

My routers are 3620 with two different versions: 12.1(5)T5 and 12.2(17a); This is the configuration I use.

3620-1 (active router)

interface ethernet 0/0

ip address 10.248.100.26 255.255.255.0

standby 173 ip 10.248.100.28

standby 173 priority 110

standby 173 preempt

ip nat outside

interface Serial1/0

description LINK TO SITE A

bandwidth 64

ip address 128.10.206.254 255.255.255.0

ip nat inside!

interface Serial1/1

description BACK TO BACK 3620-1

bandwidth 128

ip address 128.10.75.254 255.255.255.0

ip nat inside

clockrate 128000

ip nat inside source static 128.10.70.97 168.165.173.67

ip route 140.240.11.32 255.255.255.255 10.248.100.1

3620-2 (standby router)

interface ethernet 0/0

ip address 10.248.100.27 255.255.255.0

standby 173 ip 10.248.100.28

standby 173 preempt

ip nat outside

interface Serial1/0

description LINK TO SITE B

bandwidth 128

ip address 128.10.207.254 255.255.255.0

ip nat inside!

interface Serial1/1

description BACK TO BACK TO 3620-2

bandwidth 128

ip address 128.10.75.253 255.255.255.0

ip nat inside

clockrate 128000

ip nat inside source static 128.10.70.97 168.165.173.67

ip route 140.240.11.32 255.255.255.255 10.248.100.1

The FTP is from my client with ip 128.10.70.97 to the server with ip 140.240.11.32,please note that I´m nating my ip address to be allowed to get the server. The ip of the server is an ip nat too.

The problem is that we are not able to send data with FTP session, when I try to connect I am able to logon but when I type dir or other command (get, put) I don´t receive response from the FTP server.

One thing, I repited this test with FTP passive mode and I was able to logon and dir (display the files in the server and get and put files)If I shutdown one ethernet interface (with HSRP) I am able to connect with FTP active mode; I think the problem is because I´m using HSRP and NAT at the same time in the same router.

Somedoby know If can I work with FTP active with this configuration?

Can you reccomend one action?

Thanks in advance.

1 REPLY
Cisco Employee

Re: FTP active, HSRP and NAT

Hi,

First of all make sure your IOS meets the requirement per this link

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t4/ftnthsrp.htm

Second, try to find out the NAT translation entry when you issue a DIR and the sessions gets hung. If you dont find it, may be this is an issue with NAT+FTP.

Thanks

Nadeem

93
Views
0
Helpful
1
Replies