• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 983
  • Last Modified:

I can't connect to ftp sites through the cisco asa 5510 firewall

I am having problems connecting to ftp sites going through the cisco asa 5510.  I have all outbound traffic opened but it can't reach the site.  The problem is with ftp sites but for example the site I need to access now is: ftp://ftp.securityinnovation.com/.  It should ask me for a user id and password but it doesn't   I tested this from another location and it works.  I have a NAT translation setup for my machine to an external address (because all internal addresses are setup with NAT to a DMZ zone), I can ping the ftp site but ftp can't connect, not through telnet, IE.  I do a trace packet from the asa but it fails saying the access list is not allowing it eventhough I have a rule to allow outgoing and incoming IP connections to that site.

Any ideas what the problem can be?
  • 2
1 Solution
If your firewall is configured to perform a hide (or dynamic) NAT, you shouldn't need to assign yourself another NAT, but it won't hurt if you did. Assuming you're going from a higher security level interface to a lower level one, and assuming you don't have a 'deny any any' entry, it should work. Would you post a sanitized version of your FW config, please?
check to see that you dont need to inspect ftp traffic.

the quickest way to add it from config t is to type "fixup ftp"

hope this helps,

Ivan_AndradeAuthor Commented:
Hi it is going from a higher level to a lower level as I can access all sites exept ftp.

The configuration is huge and I want to put here the infomration but what sections would you need from it.  I am not too comfortable pasting al lthe configuration here but i can do certain sections if you want, which parts would it work for you?
One more thing when I do a ping to the site for instance I always can see the packets when I do the debug however when I go to it using ftp, I see no traffic passing through the firewall.  With Internet explorer it just hangs.  With Firefox, it gets to teh site but I am never prompted for a user id and password.  The issue seems that I never get prompted for authentication but no errors in the debug.

Regarding fixup ftp, I tried running that command but it didn't do anything.
Ivan_AndradeAuthor Commented:
I am closing the account.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now