Solved

Cisco ASA incoming FTP connections problem when "inspect" IS enabled.

Posted on 2008-06-16
7
1,099 Views
Last Modified: 2008-09-27
Hi All.

We have a Cisco ASA 5505 providing security for 2x servers in a data-centre. The servers behind the firewall both host FTP servers of their own and connect outbound to other FTP servers.

First problem we had was FTP from the internet to the servers was not working. We got rid of the "inspect ftp" statement - and all was fine. This unfortunatly causes problems with FTP connects these servers make to other servers out on the internet.

Any advise would be apprechiated.


Cheers,
0
Comment
Question by:SynergyWorks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 

Author Comment

by:SynergyWorks
ID: 21793240
Hi.

I have re-enabled inspect FTP and this gives me working FTP out to the internet... and allows clients to connect to our servers using active FTP only. Passive fails.

How the heck do we get passive to go through this ASA 5505? I have enabed the FTP servet to use Passive ports 32000 > 33000 and forwarded these in the ASA.


Cheers,

Rob
0
 
LVL 16

Expert Comment

by:2PiFL
ID: 21793336
In addition to the above;

(config)#ftp mode passive
0
 

Author Comment

by:SynergyWorks
ID: 21793349
ftp mode passive is already present :(

Note: If I remove the 'inspect ftp' statement - all works fine (Passive & Active) but the servers then can't access other FTP sites out on the internet. It fails at the port command.
0
Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

 
LVL 7

Expert Comment

by:naughton
ID: 21797248
have you permitted both ftp and ftp-data into the firewall>
0
 

Author Comment

by:SynergyWorks
ID: 21797257
Yup.

If I remove "inspect ftp" statement... all works fine... (passive and active ftp to our server) but I need to keep that statement so us downloading things from the internet (ISO mirrors etc) still works.


Cheers,
0
 
LVL 1

Expert Comment

by:bkrontz
ID: 22239879
I'm having the same issues. Ugh.
0
 

Accepted Solution

by:
SynergyWorks earned 0 total points
ID: 22538529
For us a change of FTP server software seemed to work. I guess it was crap software not doing what it should and upsetting the firewall.
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Botnet detection help me please 21 150
ASA Tunnel 18 49
VLAN Question 13 60
SonicWall NSA 3600, Geo-IP Filter & blocking sites 2 73
I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question