Solved

I can't connect to ftp sites through the cisco asa 5510 firewall

Posted on 2008-10-15
Last Modified: 2013-11-08
I am having problems connecting to FTP sites going through the Cisco ASA 5510. I have all outbound traffic opened but it can't reach the site. The problem is with FTP sites, but for example the site I need to access now is: ftp://ftp.securityinnovation.com/. It should ask me for a user ID and password but it doesn't. I tested this from another location and it works. I have a NAT translation set up for my machine to an external address (because all internal addresses are set up with NAT to a DMZ zone). I can ping the FTP site but FTP can't connect, not through telnet or IE. I do a trace packet from the ASA but it fails saying the access list is not allowing it, even though I have a rule to allow outgoing and incoming IP connections to that site.

Any ideas what the problem can be?
Question by:Ivan_Andrade

Accepted Solution

by:
stsonline earned 500 total points
If your firewall is configured to perform a hide (or dynamic) NAT, you shouldn't need to assign yourself another NAT, but it won't hurt if you did. Assuming you're going from a higher security level interface to a lower level one, and assuming you don't have a 'deny any any' entry, it should work. Would you post a sanitized version of your FW config, please?

Expert Comment

by:decoleur
Check to see that you don't need to inspect FTP traffic.

The quickest way to add it from config t is to type "fixup ftp".

hope this helps,

-t
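The following Python example is added here and is not part of the thread or Cisco's code. It shows the control-channel work an FTP inspection engine performs: reading the address and port embedded in a `PORT` command or `227` reply, rewriting the client's inside address under NAT, and deriving the data connection that must be permitted. The function names and all addresses are constructed for illustration.

```python
import re

# Active mode: the client sends "PORT h1,h2,h3,h4,p1,p2".
# Passive mode: the server replies "227 ... (h1,h2,h3,h4,p1,p2)".
# Both carry an IP address and a port inside the payload.
_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_endpoint(line):
    """Return (ip, port) from a PORT command or 227 reply, else None."""
    text = line.strip()
    if not (text.upper().startswith("PORT ") or text.startswith("227 ")):
        return None
    m = _TUPLE.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):  # malformed octet or port byte
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def rewrite_port(line, nat_map):
    """Replace the inside address in a PORT command with its NAT-mapped address."""
    ep = data_endpoint(line)
    if ep is None or not line.strip().upper().startswith("PORT "):
        return line  # only the client's PORT command carries an inside address
    ip, port = ep
    mapped = nat_map.get(ip, ip)
    return "PORT {},{},{}\r\n".format(mapped.replace(".", ","), port >> 8, port & 0xFF)

def pinhole(line, peer_ip):
    """Describe the data connection to allow; peer_ip is whoever received the line."""
    ep = data_endpoint(line)
    if ep is None:
        return None
    mode = "passive" if line.strip().startswith("227 ") else "active"
    return {"mode": mode, "src": peer_ip, "dst": ep[0], "dport": ep[1]}

if __name__ == "__main__":
    # Constructed sample: inside client 10.1.1.25 is NATed to 203.0.113.25,
    # and the FTP server is 198.51.100.10.
    nat = {"10.1.1.25": "203.0.113.25"}
    active = "PORT 10,1,1,25,19,137\r\n"
    passive = "227 Entering Passive Mode (198,51,100,10,195,80)\r\n"
    print(repr(rewrite_port(active, nat)))
    print(pinhole(rewrite_port(active, nat), "198.51.100.10"))
    print(pinhole(passive, "203.0.113.25"))
```

Without the rewrite, the server in active mode is told to connect back to an unroutable inside address, and without the derived pinhole the data connection is dropped even though the control channel on port 21 is allowed.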

Author Comment

by:Ivan_Andrade
Hi, it is going from a higher level to a lower level, as I can access all sites except FTP.

The configuration is huge and I want to put the information here, but what sections would you need from it? I am not too comfortable pasting all the configuration here, but I can do certain sections if you want. Which parts would work for you?
One more thing: when I do a ping to the site, for instance, I can always see the packets when I do the debug; however, when I go to it using FTP, I see no traffic passing through the firewall. With Internet Explorer it just hangs. With Firefox, it gets to the site but I am never prompted for a user ID and password. The issue seems to be that I never get prompted for authentication, but there are no errors in the debug.

Regarding fixup ftp, I tried running that command but it didn't do anything.
asaconfig.doc

Author Closing Comment

by:Ivan_Andrade
I am closing the account.