?
Solved

ASA FTP config using PAT

Posted on 2007-03-19
2
Medium Priority
?
935 Views
Last Modified: 2008-11-08
PIX ASA FTP configuration for a PAT config. I can't seem to figure out if I should use ASDM for this and how. Can someone provide a ASA sample config for FTP access from all outside users. What should the STATIC command look like if I'm doing PAT and not static NAT (1 to 1) for teh FTP server? Where do I specify the internal address of my FTP server. I have inpsect ftp enabled (as its on by default).

Thanks-
0
Comment
Question by:murphymail
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 28

Expert Comment

by:batry_boy
ID: 18754054
It will look like this:

static (dmz,outside) tcp interface 21 <real_ip_address> 21 netmask 255.255.255.255

This assumes your ftp server is on an interface named "dmz", that you want to use the firewall's public interface IP address for PAT, and that <real_ip_address> is the internal IP address of your ftp server.

Of course, you'll also need the appropriate ACL applied to the outside interface to allow the traffic through, like this:

access-list acl_outside_in permit tcp any host <public_ip_of_firewall> eq ftp
access-group acl_outside_in in interface outside
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 1500 total points
ID: 18756089
I guess the acl needs a small change;

>>access-list acl_outside_in permit tcp any host <public_ip_of_firewall> eq ftp

access-list acl_outside_in permit tcp any interface outside eq ftp


Or if you're doing the port forward using another ip address other than the one assigned on the outside interface, the syntax remains the same;

static (inside,outside) tcp <PublicIP> 21 <real_ip_address> 21 netmask 255.255.255.255

access-list acl_outside_in permit tcp any host <PublicIP> eq ftp
access-group acl_outside_in in interface outside

Cheers,
Rajesh
0

Featured Post

Get MongoDB database support online, now!

At Percona’s web store you can order your MongoDB database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card. Handle your MongoDB database support now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question