Solved

ASA FTP config using PAT

Posted on 2007-03-19
2
928 Views
Last Modified: 2008-11-08
PIX ASA FTP configuration for a PAT config. I can't seem to figure out if I should use ASDM for this and how. Can someone provide a ASA sample config for FTP access from all outside users. What should the STATIC command look like if I'm doing PAT and not static NAT (1 to 1) for teh FTP server? Where do I specify the internal address of my FTP server. I have inpsect ftp enabled (as its on by default).

Thanks-
0
Comment
Question by:murphymail
2 Comments
 
LVL 28

Expert Comment

by:batry_boy
ID: 18754054
It will look like this:

static (dmz,outside) tcp interface 21 <real_ip_address> 21 netmask 255.255.255.255

This assumes your ftp server is on an interface named "dmz", that you want to use the firewall's public interface IP address for PAT, and that <real_ip_address> is the internal IP address of your ftp server.

Of course, you'll also need the appropriate ACL applied to the outside interface to allow the traffic through, like this:

access-list acl_outside_in permit tcp any host <public_ip_of_firewall> eq ftp
access-group acl_outside_in in interface outside
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 18756089
I guess the acl needs a small change;

>>access-list acl_outside_in permit tcp any host <public_ip_of_firewall> eq ftp

access-list acl_outside_in permit tcp any interface outside eq ftp


Or if you're doing the port forward using another ip address other than the one assigned on the outside interface, the syntax remains the same;

static (inside,outside) tcp <PublicIP> 21 <real_ip_address> 21 netmask 255.255.255.255

access-list acl_outside_in permit tcp any host <PublicIP> eq ftp
access-group acl_outside_in in interface outside

Cheers,
Rajesh
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question