Solved

FTP settings on a Cisco ASA 5510 - issues with Passive mode

Posted on 2006-07-10
Last Modified: 2012-06-27
Background: Cisco 5510 configured to allow all FTP (ports 20 and 21) to forward to a server in a DMZ. When tested, port forwarding works fine. Can log into the server but "browsing" fails (command line works completely fine). FTP server (make is Ability) is set to allow PASV on ports 1024 to 5000. The Cisco 5510 has a setting for FTP to be in Passive Mode. But when the remote browser has the Internet option set to allow Passive mode, you cannot browse the files. Remove the passive mode and it works. I am assuming the 5510 is causing the problem; even though the setting for FTP is set to passive, I am assuming there are some other rules I need to set to further enable it beyond the ports 20 and 21 forwarding. All suggestions appreciated. (Servers and remote machines all Windows based using IE.)
Question by:drewster999
4 Comments
 
LVL 13

Expert Comment

by:prashsax
ID: 17085546
Do you have fixup defined for FTP on your ASA?

>fixup protocol ftp 21

See if you can find this in your config.
LVL 18

Accepted Solution

by:
decoleur earned 125 total points
ID: 17116095
The ASA doesn't use fixup; that is a legacy 6.x command. Instead it uses inspect. Check to see if your ASA running config has a firewall policy map with inspect ftp applied to it. In your running config it could look like:


class-map inspection_default
 match default-inspection-traffic
!
!
policy-map asa_global_fw_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy asa_global_fw_policy global

This is from http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00804619d8.shtml

Hope this helps.

-t
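The check described in the answer above, as an added example that is not part of the original thread: it reads a saved running-config and reports where `inspect ftp` is both defined in a policy map and applied by a `service-policy` line. The function names and the sample config are constructed for illustration; the parser assumes the indented layout shown in the answer.

```python
import re

# Constructed sample in the shape of the running-config quoted in the answer above.
SAMPLE = """\
class-map inspection_default
 match default-inspection-traffic
!
policy-map asa_global_fw_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect tftp
!
service-policy asa_global_fw_policy global
"""

def parse_policy_maps(config):
    """Return {policy_map: {class_name: [inspect arguments]}}."""
    maps, pmap, cls = {}, None, None
    for line in config.splitlines():
        words = line.split()
        if not words or words[0] == "!":
            continue
        if not line[0].isspace():            # a top-level command ends any open block
            pmap = cls = None
            if words[0] == "policy-map" and len(words) == 2:
                pmap = words[1]
                maps[pmap] = {}
        elif pmap and words[0] == "class" and len(words) == 2:
            cls = words[1]
            maps[pmap][cls] = []
        elif pmap and cls and words[0] == "inspect":
            maps[pmap][cls].append(words[1:])
    return maps

def applied_scopes(config):
    """Return {policy_map: [scope, ...]} from service-policy lines."""
    scopes = {}
    pattern = r"^service-policy\s+(\S+)\s+(global|interface\s+\S+)"
    for m in re.finditer(pattern, config, re.M):
        scopes.setdefault(m.group(1), []).append(m.group(2))
    return scopes

def ftp_inspection(config):
    """List (policy, class, scope) where 'inspect ftp' is defined AND applied."""
    scopes = applied_scopes(config)
    return [(p, c, s)
            for p, classes in parse_policy_maps(config).items()
            for c, inspects in classes.items()
            if any(i and i[0] == "ftp" for i in inspects)   # 'tftp' does not count
            for s in scopes.get(p, [])]

if __name__ == "__main__":
    print(ftp_inspection(SAMPLE) or "inspect ftp is not active")
```

An empty result means either the policy map lacks `inspect ftp` or no `service-policy` line applies it, which matches the symptom in the question: the control connection on port 21 works while passive-mode data connections fail.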
LVL 18

Expert Comment

by:decoleur
ID: 17313957
interested
Question has a verified solution.
