
RMH new ASA5510 broke receiving files using FTP

rpw5354
Level 1

I put our new ASA5510 in production and it broke a third-party application that we use! It's a program that uses FTP, but it doesn't use the default FTP port 21; it uses some other port number, 6123, I think! It would not allow us to RECEIVE files from an external FTP server. In order to fix the application I had to remove the INSPECT FTP statement from the ASA5510 configuration! This fixed the problem with the third-party application, but now we can't receive files from the outside using a standard GUI FTP program that used to work! How can I get both apps to work properly? Thank you!

1 Accepted Solution

varakantam
Level 1

To change the default configuration for FTP inspection, perform the following steps:

Step 1 Name the traffic class by entering the following command in global configuration mode:

hostname(config)# class-map class_map_name

Replace class_map_name with the name of the traffic class, as in the following example:

hostname(config)# class-map ftp_port

When you enter the class-map command, the CLI enters the class map configuration mode, and the prompt changes, as in the following example:

hostname(config-cmap)#

Step 2 In the class map configuration mode, define the match command, as in the following example:

hostname(config-cmap)# match port tcp eq 23

hostname(config-cmap)# exit

hostname(config)#

To assign a range of continuous ports, enter the range keyword, as in the following example:

hostname(config-cmap)# match port tcp range 1023-1025

To assign more than one non-contiguous port for FTP inspection, enter the access-list command and define an access control entry to match each port. Then enter the match command to associate the access lists with the FTP traffic class.

Use the newly created class-map with the service-policy command for the interface, or add it to the global service-policy.
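
The steps above applied to the setup in the question, as an added example that is not part of the original reply. It assumes the application's FTP control port really is 6123 (the poster was unsure) and that the ASA still carries its default global_policy and inspection_default class; the names ftp_6123, ftp_ports and ftp_nonstd and the second port 2121 are made up for illustration.

```cisco
! Added example, not from the original reply.
! Assumption: the third-party application's FTP control port is 6123.

! Option A: one non-default port (class-map name is hypothetical)
class-map ftp_6123
 match port tcp eq 6123

! Option B: several non-contiguous ports through an access list.
! 2121 is a constructed second port; a class-map takes one match statement,
! so the ports are listed as access control entries instead.
access-list ftp_ports extended permit tcp any any eq 6123
access-list ftp_ports extended permit tcp any any eq 2121
class-map ftp_nonstd
 match access-list ftp_ports

! Attach FTP inspection to the global policy.
! Use either ftp_6123 (Option A) or ftp_nonstd (Option B), not both.
policy-map global_policy
 ! Restores inspection on the default port 21 for the standard FTP client
 class inspection_default
  inspect ftp
 ! Adds inspection on the non-default port for the third-party application
 class ftp_6123
  inspect ftp

! Only needed if the global policy is not already applied
service-policy global_policy global
```

With inspection active on both ports, the ASA follows the FTP control channel and opens the negotiated data connection dynamically, so no broad permit for high ports is needed. `show service-policy inspect ftp` shows which classes have FTP inspection applied and their packet counters.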