[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

ASA FTP config using PAT

Posted on 2007-03-19
2
Medium Priority
?
939 Views
Last Modified: 2008-11-08
PIX ASA FTP configuration for a PAT config. I can't seem to figure out if I should use ASDM for this and how. Can someone provide a ASA sample config for FTP access from all outside users. What should the STATIC command look like if I'm doing PAT and not static NAT (1 to 1) for teh FTP server? Where do I specify the internal address of my FTP server. I have inpsect ftp enabled (as its on by default).

Thanks-
0
Comment
Question by:murphymail
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 28

Expert Comment

by:batry_boy
ID: 18754054
It will look like this:

static (dmz,outside) tcp interface 21 <real_ip_address> 21 netmask 255.255.255.255

This assumes your ftp server is on an interface named "dmz", that you want to use the firewall's public interface IP address for PAT, and that <real_ip_address> is the internal IP address of your ftp server.

Of course, you'll also need the appropriate ACL applied to the outside interface to allow the traffic through, like this:

access-list acl_outside_in permit tcp any host <public_ip_of_firewall> eq ftp
access-group acl_outside_in in interface outside
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 1500 total points
ID: 18756089
I guess the acl needs a small change;

>>access-list acl_outside_in permit tcp any host <public_ip_of_firewall> eq ftp

access-list acl_outside_in permit tcp any interface outside eq ftp


Or if you're doing the port forward using another ip address other than the one assigned on the outside interface, the syntax remains the same;

static (inside,outside) tcp <PublicIP> 21 <real_ip_address> 21 netmask 255.255.255.255

access-list acl_outside_in permit tcp any host <PublicIP> eq ftp
access-group acl_outside_in in interface outside

Cheers,
Rajesh
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question