Solved

FTP settings on a CISCO ASA 5510 -issues with Passive mode

Posted on 2006-07-10
4
12,429 Views
Last Modified: 2012-06-27
Background :  Cisco 5510 configured to allow all FTP(ports 20 and 21) to forward to a server in a dmz.  When tested port forwarding works fine.  Can log into the server but "browsing" fails.(command line works completely fine)  FTP server (make is Ability) is set to allow PASV on ports 1024 to 5000.  The Cisco 5510 has a setting for FTP to be in Passive Mode.  But when remote brower has internet option set to allow Passive mode, you cannot browse the files.  Remove the passive mode and it works.  I am assuming the 5510 is causing the problem even though the setting for FTP is set to passive I am assuming there are some other rules I need to set to further enable it beyond the ports 20 and 21 forwarding.  All suggestions appreciated.(servers and remote machines all Windows based using IE)
0
Comment
Question by:drewster999
  • 2
4 Comments
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
Do you have fixup defined for ftp on your ASA.

>fixup protocol ftp 21

See if you can find this in your config.
0
 
LVL 18

Accepted Solution

by:
decoleur earned 125 total points
Comment Utility
the asa doesn't use fixup that is a legacy 6.x command... instead it uses inspect. check to see if your asa running config has a firewall policy map with inspect ftp applied to it... in your running config it could look like:


class-map inspection_default
 match default-inspection-traffic
!
!
policy-map asa_global_fw_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy asa_global_fw_policy global

this is from http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00804619d8.shtml

hope this helps

-t
0
 
LVL 18

Expert Comment

by:decoleur
Comment Utility
interested
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now