Currently I am trying to get FTP access to a machine from inside my DMZ from our private network via the external network. I have set up static commands for a number of machines that will be put into the DMZ; however, the FTP server is the only one in there at this time. I have set up access-lists for access to the DMZ on port 25.
Here is my config. Any advice would be greatly appreciated.
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
access-list FMPTraffic permit tcp any host xxx.yyy.zzz.98 eq 5003
access-list FMPTraffic permit tcp any host xxx.yyy.zzz.98 eq 3389
access-list FMPTraffic permit tcp any host xxx.yyy.zzz.105 eq www
access-list FMPTraffic permit tcp any host xxx.yyy.zzz.105 eq ftp
access-list FMPTraffic deny ip any any
access-list outbound permit ip any any
access-list outbound deny ip 192.168.3.128 255.255.255.224 any
access-list outbound deny ip 192.168.3.96 255.255.255.224 any
I was editing my original post as you posted. I had made some mistakes about the issue I was having. The problem is only occurring when attempting to connect to the external IP Address from the internal network (essentially making a U-Turn on the firewall).