Solved

FTP settings on a Cisco ASA 5510 - issues with Passive mode

Posted on 2006-07-10
Last Modified: 2012-06-27
Background: Cisco 5510 configured to allow all FTP (ports 20 and 21) to forward to a server in a DMZ. When tested, port forwarding works fine. Can log into the server but "browsing" fails (command line works completely fine). FTP server (make is Ability) is set to allow PASV on ports 1024 to 5000. The Cisco 5510 has a setting for FTP to be in Passive Mode. But when the remote browser has the Internet option set to allow Passive mode, you cannot browse the files. Remove the passive mode and it works. I am assuming the 5510 is causing the problem; even though the setting for FTP is set to passive, I am assuming there are some other rules I need to set to further enable it beyond the ports 20 and 21 forwarding. All suggestions appreciated. (Servers and remote machines are all Windows based, using IE.)
Question by:drewster999

Expert Comment

by:prashsax
ID: 17085546
Do you have fixup defined for FTP on your ASA?

>fixup protocol ftp 21

See if you can find this in your config.

Accepted Solution

by:
decoleur earned 125 total points
ID: 17116095
The ASA doesn't use fixup; that is a legacy 6.x command. Instead it uses inspect. Check to see if your ASA running config has a firewall policy map with inspect ftp applied to it. In your running config it could look like:


class-map inspection_default
 match default-inspection-traffic
!
!
policy-map asa_global_fw_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy asa_global_fw_policy global

This is from http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00804619d8.shtml

Hope this helps.

-t
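
The check described in the accepted answer can be run over a saved running-config. The following is an added example, not part of the original thread and not Cisco tooling. It goes one step beyond spotting the `inspect ftp` line: it confirms the policy-map holding it is actually applied by a `service-policy`. The function names and the trimmed sample config are constructed for illustration, and the parser assumes the indentation shown in the excerpt above.

```python
import re

# Constructed sample: trimmed from the running-config excerpt in the answer above.
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
!
policy-map asa_global_fw_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect tftp
!
service-policy asa_global_fw_policy global
"""

def parse_policy_maps(config):
    """Return {policy_map: {class_name: [inspect arguments]}}."""
    maps, pmap, cls = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line closes the open block
            pmap = cls = None
            m = re.match(r"policy-map (\S+)$", line)
            if m:
                pmap = maps.setdefault(m.group(1), {})
        elif pmap is not None and line.startswith("class "):
            cls = pmap.setdefault(line.split()[1], [])
        elif cls is not None and line.startswith("inspect "):
            cls.append(line[len("inspect "):])
    return maps

def applied_policies(config):
    """Return [(policy_map, scope)] from service-policy lines."""
    pat = re.compile(r"service-policy (\S+) (global|interface \S+)")
    return [m.groups() for m in map(pat.match, config.splitlines()) if m]

def ftp_inspection_status(config):
    """List (policy_map, class, scope) where 'inspect ftp' is in force."""
    maps = parse_policy_maps(config)
    return [(name, cls, scope)
            for name, scope in applied_policies(config)
            for cls, inspects in maps.get(name, {}).items()
            if any(i.split()[0] == "ftp" for i in inspects)]

if __name__ == "__main__":
    hits = ftp_inspection_status(SAMPLE_CONFIG)
    for name, cls, scope in hits:
        print(f"inspect ftp active: policy-map {name}, class {cls}, applied {scope}")
    if not hits:
        print("inspect ftp is not applied by any service-policy")
```

An empty result means the inspection is either missing from the class or sits in a policy-map that no `service-policy` references, which are the two cases to rule out before looking elsewhere for the passive-mode failure.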

Expert Comment

by:decoleur
ID: 17313957
interested