Trying to configure a Cisco ASA 5510 to allow passive FTP and the connections are failing. Bellow is the configuration. How do you allow passive FTP on the ASA?
User Access Verification
Password:
Type help or '?' for a list of available commands.
SPIRIT-ISLANDA-ASA2> en
Password: *****
SPIRIT-ISLANDA-ASA2# sh run
: Saved
:
ASA Version 7.2(1)
!
hostname SPIRIT-ISLANDA-ASA2
enable password 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
description OUT
nameif OUT
security-level 0
ip address 201.218.218.2 255.255.255.248
!
interface Ethernet0/1
description IN
nameif IN
security-level 100
ip address 10.10.10.1 255.255.255.252
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.5 255.255.255.0
management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
object-group icmp-type PING
description Pruebas de Ping
icmp-object echo
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded
access-list outside_access_in extended permit icmp any host 201.218.218.17 object-group PING
access-list outside_access_in extended permit tcp any host 201.218.218.17 eq telnet
access-list outside_access_in extended permit icmp any host 201.218.218.2 object-group PING
access-list outside_access_in extended permit icmp any host 201.218.218.18 object-group PING
access-list outside_access_in extended permit tcp any host 201.218.218.18 eq ftp
access-list outside_access_in extended permit tcp any host 201.218.218.18 eq ssh
access-list outside_access_in extended permit tcp any host 201.218.218.22 eq ssh
access-list outside_access_in extended permit icmp any host 201.218.218.22 object-group PING
access-list outside_access_in extended permit tcp any host 201.218.218.22 eq ftp
access-list outside_access_in extended permit tcp any host 201.218.218.22 eq www
access-list outside_access_in extended permit tcp any host 201.218.218.22 eq https
access-list outside_access_in extended permit tcp any host 201.218.218.18 eq www
access-list outside_access_in extended permit tcp any host 201.218.218.18 eq https
access-list outside_access_in extended permit tcp any host 201.218.218.17 eq 161
access-list outside_access_in extended permit udp any host 201.218.218.17 eq snmp
access-list outside_access_in extended permit tcp any host 201.218.218.26 eq 3389
access-list outside_access_in extended permit tcp any host 201.218.218.27 eq 3389
access-list outside_access_in extended permit tcp any host 201.218.218.28 eq 3389
access-list outside_access_in extended permit tcp any host 201.218.218.26 eq https
access-list outside_access_in extended permit tcp any host 201.218.218.27 eq https
access-list outside_access_in extended permit tcp any host 201.218.218.26 eq 8443
access-list outside_access_in extended permit tcp any host 201.218.218.27 eq 8443
access-list outside_access_in extended permit icmp any host 201.218.218.26 object-group PING
access-list outside_access_in extended permit icmp any host 201.218.218.27 object-group PING
access-list outside_access_in extended permit icmp any host 201.218.218.28 object-group PING
access-list outside_access_in extended permit tcp any host 201.218.218.26 eq ftp
access-list outside_access_in extended permit tcp any host 201.218.218.26 eq www
access-list outside_access_in extended permit tcp any host 201.218.218.27 eq ftp
access-list outside_access_in extended permit tcp any host 201.218.218.27 eq www
access-list outside_access_in extended permit udp any host 201.218.218.26 eq domain
access-list outside_access_in extended permit udp any host 201.218.218.27 eq domain
access-list outside_access_in extended permit tcp any host 201.218.218.26 eq domain
access-list outside_access_in extended permit tcp any host 201.218.218.27 eq domain
access-list outside_access_in extended permit icmp any host 201.218.218.41 object-group PING
access-list outside_access_in extended permit icmp any host 201.218.218.43 object-group PING
access-list outside_access_in extended permit icmp any host 201.218.218.44 object-group PING
access-list outside_access_in extended permit icmp any host 201.218.218.45 object-group PING
access-list outside_access_in extended permit icmp any host 201.218.218.42 object-group PING
access-list outside_access_in extended permit tcp any host 201.218.218.43 eq ssh
access-list outside_access_in extended permit tcp any host 201.218.218.44 eq ssh
access-list outside_access_in extended permit tcp any host 201.218.218.45 eq ssh
access-list outside_access_in extended permit icmp any host 201.218.218.46 object-group PING
access-list outside_access_in extended permit tcp any host 201.218.218.46 eq ssh
access-list outside_access_in extended permit tcp any host 201.218.218.43 eq www
access-list outside_access_in extended permit tcp any host 201.218.218.43 eq https
access-list outside_access_in extended permit tcp any host 201.218.218.44 eq www
access-list outside_access_in extended permit tcp any host 201.218.218.45 eq www
access-list outside_access_in extended permit tcp any host 201.218.218.46 eq www
access-list outside_access_in extended permit tcp any host 201.218.218.46 eq ftp
access-list outside_access_in extended permit tcp any host 201.218.218.29 eq smtp
access-list outside_access_in extended permit tcp any host 201.218.218.29 eq domain
access-list outside_access_in extended permit tcp any host 201.218.218.29 eq www
access-list outside_access_in extended permit tcp any host 201.218.218.29 eq nntp
access-list outside_access_in extended permit tcp any host 201.218.218.29 eq 2021
access-list outside_access_in extended permit tcp any host 201.218.218.29 eq 1024
access-list outside_access_in extended permit tcp any host 201.218.218.29 eq 65535
access-list outside_access_in extended permit tcp any host 201.218.218.45 eq domain
access-list outside_access_in extended permit udp any host 201.218.218.45 eq domain
access-list outside_access_in extended permit tcp any host 201.218.218.26 eq ssh
access-list outside_access_in extended permit tcp any host 201.218.218.27 eq ssh
access-list outside_access_in extended permit tcp any host 201.218.218.45 eq pop3
access-list outside_access_in extended permit tcp any host 201.218.218.45 eq imap4
access-list outside_access_in extended permit tcp any host 201.218.218.45 eq 993
access-list outside_access_in extended permit tcp any host 201.218.218.45 eq 995
access-list outside_access_in extended permit tcp any host 201.218.218.45 eq smtp
access-list outside_access_in extended permit tcp any host 201.218.218.45 eq 587
access-list outside_access_in extended permit tcp any host 201.218.218.28 eq 81
access-list outside_access_in extended permit tcp any host 201.218.218.26 eq 88
access-list outside_access_in extended permit tcp any host 201.218.218.26 eq ftp-data
access-list outside_access_in extended permit udp any host 201.218.218.26 eq 20
access-list outside_access_in extended permit tcp any host 201.218.218.27 eq 3306
access-list outside_access_in extended deny ip any any
access-list inside_access_in extended permit ip any any
pager lines 24
logging asdm informational
mtu OUT 1500
mtu IN 1500
mtu management 1500
no asdm history enable
arp timeout 14400
global (OUT) 1 201.218.218.16 netmask 255.255.255.240
nat (IN) 1 10.10.10.1 255.255.255.255
static (IN,OUT) 201.218.218.0 201.218.218.0 netmask 255.255.255.248
access-group outside_access_in in interface OUT
access-group inside_access_in in interface IN
route OUT 0.0.0.0 0.0.0.0 201.218.218.1 1
route IN 201.218.218.16 255.255.255.240 10.10.10.2 1
route IN 201.218.218.32 255.255.255.240 10.10.10.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.1.0 255.255.255.0 management
telnet timeout 5
ssh timeout 5
console timeout 0
!
!
prompt hostname context
Cryptochecksum:1fe47c45815
053a38965c
2bc6e8eb9e
0
: end
SPIRIT-ISLANDA-ASA2#
Start Free Trial
