Cisco Support Community
New Member

FTP issues from Internal server

Hi all,

L3Switch --> ASA--> Internet router.

The switch does not have any default route configured but has BGP with the Internet router. BGP injects a default route into the switch.

B* [200/0] via, 7w0d

ASA has OSPF enabled and the L3 switch as well. From any PC in the network if we check (ASA outside interface IP).

The problem here is we are trying to FTP to an external site from a server inside the switch; it allows us to log in to the site, but any other command immediately disconnects.


ftp> ls

500 Illegal PORT command

425 Unable to build data connection: Connection refused


The server can make successful FTP to internal servers at another location via P2P DS3 link. I tried 1. removing the ACL on the Internet router outside interface and also with passive FTP (from Windows FTP client on server) - but no luck.

The destination has ports open for :

Please suggest...

Thank you


New Member

Re: FTP issues from Internal server

Ok.. I got lucky with enabling 'inspect ftp' on ASA and removing ACL from Internet router external interface.

But as it is not a good idea to leave the external interface on the Internet rtr open, I am looking for a way to get this accomplished. This server currently has no public IP or static NAT configured on the ASA. It hits the Internet via the NAT'ed IP of the ASA outside interface, as do any other servers/workstations.

So in order to accomplish what I am looking for, do I need to have a static public IP for the internal server? Also, what kind of ACL helps me out here for allowing FTP connections sourced from this server?

Thank you in advance


New Member

Re: FTP issues from Internal server

Resolved myself with proper ACLs.. :-)

Thank you
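
An added illustration, not part of any post in this thread: a Python model of why an active-mode PORT command that carries a private address is answered with "500 Illegal PORT command" once the control connection has been NATed, and what an FTP-aware device (the 'inspect ftp' mentioned above) changes in the payload. The addresses, the server-side check and all function names are constructed assumptions.

```python
import ipaddress

# Constructed sample: inside server 10.1.1.50 offers data port 50000 (195*256+80).
SAMPLE_PORT = "PORT 10,1,1,50,195,80"
INSIDE_IP = "10.1.1.50"
MAPPED_IP = "203.0.113.10"   # placeholder for the NAT'ed outside address


def parse_port_command(line):
    """Parse 'PORT h1,h2,h3,h4,p1,p2' (RFC 959) into (IPv4Address, port)."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    fields = arg.split(",")
    if len(fields) != 6 or not all(f.isdigit() and int(f) <= 255 for f in fields):
        raise ValueError("malformed PORT argument")
    nums = [int(f) for f in fields]
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def server_verdict(port_line, control_peer_ip):
    """Assumed server policy (common anti-bounce check): the data address
    must equal the source address of the control connection, and the
    port must not be a privileged one."""
    try:
        ip, port = parse_port_command(port_line)
    except ValueError:
        return "500 Illegal PORT command"
    if ip != ipaddress.IPv4Address(control_peer_ip) or port < 1024:
        return "500 Illegal PORT command"
    return "200 PORT command successful"


def inspect_rewrite(port_line, inside_ip, mapped_ip, mapped_port):
    """Model of FTP inspection on a NAT device: replace the inside
    address/port inside the PORT payload with the translated pair."""
    ip, _ = parse_port_command(port_line)
    if str(ip) != inside_ip:
        return port_line  # not a translated host, leave untouched
    host = mapped_ip.replace(".", ",")
    return f"PORT {host},{mapped_port // 256},{mapped_port % 256}"


if __name__ == "__main__":
    # The server sees the control connection coming from MAPPED_IP.
    print("no inspection:", server_verdict(SAMPLE_PORT, MAPPED_IP))
    fixed = inspect_rewrite(SAMPLE_PORT, INSIDE_IP, MAPPED_IP, 50000)
    print("with inspection:", fixed, "->", server_verdict(fixed, MAPPED_IP))
```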