04-18-2009 05:46 AM - edited 03-09-2019 10:14 PM
Dear All,
I am not able to access FTP from the internal network or office; if I connect from somewhere other than my office, I can access it.
What port do I have to enable on the ASA 5510 & ISA?
04-18-2009 06:19 PM
Hi,
I assume that the office connected interface is configured as inside with security-level 100.
Check the following:
1. ACL bound to the inside interface
asa(config)# show run access-group
if it results: access-group inside_access_in in interface inside
then: show run access-list inside_access_in
verify if the ACL has: access-list inside_access_in permit tcp 192.168.57.0 255.255.255.0 any eq ftp
where 192.168.57.0 is your office network.
If your network has no such ACL, add one.
2. Check your service policy
run command: asa(config)# sh run service-policy
check: if there is global_policy or interface policy applied to inside interface.
3. Check what protocols are inspected
run command: sh run policy-map
find: the policy and verify "inspect ftp" is there in inside class-map of policy-map applied to inside interface.
if you don't find one, add one.
If possible, post your config for review
H2H
Roshan
04-19-2009 04:39 AM
Dear Roshan,
Thanks for your answer, but I would like to elaborate: I have my FTP server somewhere outside my network on a public IP, and from my network I cannot access it. I have enabled ports 20 & 21 but I am still not able to access it.
04-20-2009 04:53 AM
Further to Roshan's earlier post, once the ACL is added (or confirmed that you have one) run the following command to ensure that the ACL has a hit count.
sho access-list
Also, ensure that this FTP server is accessible from the outside of your network. If possible, set up a directly connected machine to your internet connection (purely for testing!)
HTH
Steve
04-20-2009 11:50 PM
Dear ,
Below is the access-list which is configured on the ASA. But I am still not able to access the FTP site.
access-list out-in line 22 extended permit tcp any eq ftp any eq ftp (hitcnt=0)
access-list out-in line 23 extended permit tcp any gt 1023 any gt 1023 (hitcnt=3517)
access-list out-in line 24 extended permit tcp any eq ftp-data any eq ftp-data (hitcnt=0)
04-21-2009 12:28 AM
Please can you post your access-group config so I can see what direction the ACLs have been applied.
Steve
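Added example, not part of the thread: a small Python check of the hit-count advice above, run over the three `show access-list` lines as posted (embedded here as constructed sample input). Beyond the hit count it also flags entries that fix both source and destination port with `eq`, on the assumption that the traffic is ordinary FTP, where the control connection runs from an ephemeral port to 21 and active-mode data from 20 to an ephemeral port; the function names are hypothetical.

```python
import re

# Constructed input: the three entries as posted in the thread.
SAMPLE = """\
access-list out-in line 22 extended permit tcp any eq ftp any eq ftp (hitcnt=0)
access-list out-in line 23 extended permit tcp any gt 1023 any gt 1023 (hitcnt=3517)
access-list out-in line 24 extended permit tcp any eq ftp-data any eq ftp-data (hitcnt=0)
"""

ACE = re.compile(r"access-list (?P<acl>\S+) line (?P<line>\d+) extended "
                 r"(?P<action>permit|deny) (?P<proto>\S+) (?P<rest>.*?) "
                 r"\(hitcnt=(?P<hits>\d+)\)")

def take_addr(tok):
    """Consume an address: 'any', 'host A.B.C.D', or 'network mask'."""
    return ("any", tok[1:]) if tok[0] == "any" else (" ".join(tok[:2]), tok[2:])

def take_port(tok):
    """Consume an optional port match: 'eq|gt|lt|neq P' or 'range A B'."""
    if tok and tok[0] in ("eq", "gt", "lt", "neq"):
        return (tok[0], tok[1]), tok[2:]
    if tok and tok[0] == "range":
        return ("range", tok[1], tok[2]), tok[3:]
    return None, tok

def review(output):
    """Return {ACL line number: [notes]} for entries that need a second look."""
    findings = {}
    for line in output.splitlines():
        m = ACE.search(line)
        if not m:
            continue  # remarks, headers and other non-entry lines
        _, tok = take_addr(m["rest"].split())
        sport, tok = take_port(tok)
        _, tok = take_addr(tok)
        dport, _ = take_port(tok)
        notes = []
        if int(m["hits"]) == 0:
            notes.append("hitcnt=0: no packet has matched this entry")
        if sport and dport and sport[0] == dport[0] == "eq":
            # FTP control is ephemeral -> 21, active data is 20 -> ephemeral.
            notes.append(f"both ports fixed (eq {sport[1]} / eq {dport[1]})")
        if notes:
            findings[int(m["line"])] = notes
    return findings

if __name__ == "__main__":
    for n, notes in review(SAMPLE).items():
        print(f"line {n}: " + "; ".join(notes))
```

Which interface and direction the ACL is bound to still has to come from `show run access-group`, as asked above; the script only reads the entries themselves.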