Advertisement

03.04.2008 at 07:11AM PST, ID: 23212803
[x]
Attachment Details

Cisco 5505 allow ftp outside access

Asked by ppatter in Cisco PIX Firewall

Tags: Cisco, ASA 5505

Novice question.   I am trying to configure Cisco ASA 5505 to allow inbound public FTP access.  
Outbound traffic is working fine.
Inside FTP server is 192.168.111.132
Outside WAN IP is xxx.xxx.192.85
Packet Tracer says access list issue.
Thanks in advance.

Here is the configuration......

ASA Version 8.0(2)
!
hostname xxxxxxxx
domain-name xxxxxxxxx.com
enable password szmGGCeS8BHZjDCd encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.111.1 255.255.255.0
 ospf cost 10
!
interface Vlan2
 nameif outside
 security-level 0
 ip address xxx.xxx.192.85 255.255.255.0
 ospf cost 10
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
 name-server xxx.xxx.xxx.xxx
 name-server xxx.xxx.xxx.xxx
 domain-name xxxxxxxx.com
access-list outside_in extended permit tcp any interface outside eq ftp
access-list inside_access_in extended permit ip any any
access-list inside extended permit icmp any any echo-reply
access-list outside_access_in extended permit tcp any host 192.168.111.132 eq ftp
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) xxx.xxx.192.85 192.168.111.132 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.192.81 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.111.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
console timeout 0
dhcpd dns xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
dhcpd option 3 ip 192.168.111.1
!
dhcpd address 192.168.111.20-192.168.111.120 inside
dhcpd dns xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx interface inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics
!
class-map class_ftp
 match port tcp eq ftp-data
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
 class class_ftp
  inspect ftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:b0bdb5a3efa39c89488d80528b7d25e8
: end
Start Free Trial
[+][-]03.04.2008 at 07:16AM PST, ID: 21041713

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]03.04.2008 at 08:24AM PST, ID: 21042370

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zone: Cisco PIX Firewall
Tags: Cisco, ASA 5505
Sign Up Now!
Solution Provided By: aconaway1
Participating Experts: 3
Solution Grade: A
 
 
[+][-]03.04.2008 at 08:54AM PST, ID: 21042672

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]03.04.2008 at 09:19AM PST, ID: 21042896

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]03.04.2008 at 10:20AM PST, ID: 21043478

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]03.04.2008 at 10:29AM PST, ID: 21043556

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]03.04.2008 at 12:40PM PST, ID: 21044877

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]03.04.2008 at 02:28PM PST, ID: 21045822

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]03.04.2008 at 06:58PM PST, ID: 21047339

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]03.05.2008 at 05:39AM PST, ID: 21050130

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]03.05.2008 at 05:52AM PST, ID: 21050228

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]03.05.2008 at 06:16AM PST, ID: 21050428

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]03.05.2008 at 10:11AM PST, ID: 21052823

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628