  • Status: Solved

FTP settings on a CISCO ASA 5510 - issues with Passive mode

Background: Cisco 5510 configured to allow all FTP (ports 20 and 21) to forward to a server in a DMZ. When tested, port forwarding works fine. Can log into the server but "browsing" fails (command line works completely fine). FTP server (make is Ability) is set to allow PASV on ports 1024 to 5000. The Cisco 5510 has a setting for FTP to be in Passive Mode. But when the remote browser has the Internet option set to allow Passive mode, you cannot browse the files. Remove the passive mode and it works. I am assuming the 5510 is causing the problem; even though the setting for FTP is set to passive, I am assuming there are some other rules I need to set to further enable it beyond the ports 20 and 21 forwarding. All suggestions appreciated. (Servers and remote machines all Windows-based using IE.)
Asked:
drewster999
 
prashsax Commented:
Do you have fixup defined for FTP on your ASA?

>fixup protocol ftp 21

See if you can find this in your config.
 
decoleur Commented:
The ASA doesn't use fixup; that is a legacy 6.x command. Instead it uses inspect. Check to see if your ASA running config has a firewall policy map with inspect ftp applied to it. In your running config it could look like:


class-map inspection_default
 match default-inspection-traffic
!
!
policy-map asa_global_fw_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy asa_global_fw_policy global

this is from http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00804619d8.shtml

hope this helps

-t
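
An added example, not part of the thread or of Cisco's documentation: a small Python check that reads a saved running-config and reports whether `inspect ftp` sits in a policy map that a `service-policy` line actually applies. The function names and the `unused_policy` block in the sample are hypothetical, and the sample config is constructed from the excerpt quoted above.

```python
import re

# Constructed sample modelled on the excerpt above; unused_policy is hypothetical.
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
!
policy-map asa_global_fw_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
!
policy-map unused_policy
 class inspection_default
  inspect ftp
!
service-policy asa_global_fw_policy global
"""

def parse_policy_maps(config):
    """Return {policy_map: {class_name: [inspect arguments]}}."""
    maps, current_map, current_class = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # any top-level line closes the open block
            current_map = current_class = None
        if m := re.fullmatch(r"policy-map (\S+)", line):
            current_map = maps.setdefault(m.group(1), {})
        elif current_map is not None and (m := re.fullmatch(r"class (\S+)", line)):
            current_class = current_map.setdefault(m.group(1), [])
        elif current_class is not None and line.startswith("inspect "):
            current_class.append(line[len("inspect "):])
    return maps

def applied_policies(config):
    """Return {policy_map: scope}, scope being 'global' or 'interface NAME'."""
    return {m.group(1): m.group(2) for m in re.finditer(
        r"^service-policy (\S+) (global|interface \S+)$", config, re.M)}

def ftp_inspection(config):
    """List (policy_map, class, scope); scope is None when the map is never applied."""
    applied = applied_policies(config)
    return [(pm, cls, applied.get(pm))
            for pm, classes in parse_policy_maps(config).items()
            for cls, inspects in classes.items()
            if any(i.split()[0] == "ftp" for i in inspects)]

if __name__ == "__main__":
    for pm, cls, scope in ftp_inspection(SAMPLE_CONFIG):
        print(f"{pm}/{cls}:", f"applied {scope}" if scope else "not applied by any service-policy")
```

An empty result, or only entries whose scope is `None`, means FTP inspection is not active on any traffic, which matches the situation the answer above tells you to rule out.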
 
decoleur Commented:
interested