Hi, for inbound access a static translation is required. Use the 'static' command for this.
Are you able to do something else than FTP (like surfing the internet)? The outbound config seems to be fine. Maybe your default gateway is incorrect? If your provider provides the default gateway through DHCP, you can enter this command:
To allow inbound traffic (from a lower to a higher security level) you need two things (that's the way the PIX works).
1. First create a static translation. Why is this necessary? It is for linking the public address (as it is known on the internet) of the FTP server to the private address (the real IP address of the server on your LAN) of the FTP server. This can only be done by a static translation. It maps the public address to the private address. So when FTP requests from the internet arrive at your outside interface and the destination address is the public address of the FTP server, then the PIX forwards the request to the private address of the FTP server on your private network.
2. Create an access-list to allow inbound traffic from the internet to the public address of the FTP server.
Conduits are outdated (but can still be used). Like you said, you should use access-lists instead of conduits (don't mix them in a config). That's correct.
Am I being a little bit clear? I hope so :-) If you have any more questions, don't hesitate to post them.
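
The two steps from the reply above, written out as a PIX configuration. This is an added example, not part of the original post: the addresses (192.0.2.10 public, 10.0.0.10 private) and the access-list name `outside_in` are constructed placeholders, and the interface names `inside` and `outside` are assumed.

```cisco
: Step 1: static translation.
: Maps the public address 192.0.2.10 (constructed) on the outside interface
: to the server's real address 10.0.0.10 (constructed) on the inside.
: The host netmask keeps the mapping to this one server only.
static (inside,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255

: Step 2: access-list permitting inbound traffic to the PUBLIC address.
: Only the FTP control port is opened; everything else from the
: internet to this server is still dropped by the implicit deny.
access-list outside_in permit tcp any host 192.0.2.10 eq ftp

: Bind the access-list to traffic arriving on the outside interface.
: Without this line the access-list exists but is never evaluated.
access-group outside_in in interface outside

: Legacy conduit form of step 2, shown for comparison only.
: Do not combine it with the access-list above in the same config.
:   conduit permit tcp host 192.0.2.10 eq ftp any
```

The access-list matches the public address because the PIX checks inbound traffic on the outside interface before applying the static translation. `show static` and `show access-list` display the translation and the hit counters on the permit line.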