Solved

I can't connect to FTP sites through the Cisco ASA 5510 firewall

Posted on 2008-10-15
Last Modified: 2013-11-08
I am having problems connecting to FTP sites going through the Cisco ASA 5510. I have all outbound traffic opened but it can't reach the site. The problem is with FTP sites, but for example the site I need to access now is: ftp://ftp.securityinnovation.com/. It should ask me for a user ID and password but it doesn't. I tested this from another location and it works. I have a NAT translation set up for my machine to an external address (because all internal addresses are set up with NAT to a DMZ zone). I can ping the FTP site but FTP can't connect, not through telnet, IE. I do a trace packet from the ASA but it fails saying the access list is not allowing it even though I have a rule to allow outgoing and incoming IP connections to that site.

Any ideas what the problem can be?
Question by:Ivan_Andrade
4 Comments
 
Accepted Solution

by:stsonline earned 1500 total points
ID: 22724932
If your firewall is configured to perform a hide (or dynamic) NAT, you shouldn't need to assign yourself another NAT, but it won't hurt if you did. Assuming you're going from a higher security level interface to a lower level one, and assuming you don't have a 'deny any any' entry, it should work. Would you post a sanitized version of your FW config, please?

Expert Comment

by:decoleur
ID: 22725405
Check to see that you don't need to inspect FTP traffic.

The quickest way to add it from config t is to type "fixup ftp"

Hope this helps,

-t
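
What FTP inspection has to do on a NAT firewall, shown as an added example that is not part of the original thread and not Cisco's code: FTP announces the address and port of its separate data connection inside the control channel (the PORT command and the 227 reply), so the firewall must rewrite a translated inside address and permit the announced endpoint. The names `inspect_line` and `nat_map` and all sample addresses are constructed for illustration.

```python
import re

# "h1,h2,h3,h4,p1,p2" tuple carried by PORT (RFC 959) and by the 227 PASV reply
HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")


def inspect_line(line, nat_map):
    """Process one FTP control-channel line the way an FTP-aware firewall must.

    Returns (line_to_forward, pinhole). pinhole is the (ip, port) the separate
    data connection will target, or None for lines that announce no endpoint.
    nat_map is a hypothetical {inside_ip: translated_ip} table.
    Simplification: direction is not tracked (PORT comes from the client,
    227 from the server).
    """
    text = line.strip()
    if not (text.upper().startswith("PORT ") or text.startswith("227 ")):
        return line, None
    match = HOSTPORT.search(line)
    if match is None:
        return line, None
    nums = [int(g) for g in match.groups()]
    if any(n > 255 for n in nums):
        return line, None  # malformed tuple: forward untouched, open nothing
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    mapped = nat_map.get(ip, ip)
    # Job 1: replace the inside address embedded in the payload with its translation.
    new_tuple = ",".join(mapped.split(".") + [str(nums[4]), str(nums[5])])
    rewritten = line[:match.start()] + new_tuple + line[match.end():]
    # Job 2: report the endpoint so a temporary data-channel permit can be created.
    return rewritten, (mapped, port)


if __name__ == "__main__":
    # Constructed sample lines; addresses are documentation/private ranges.
    nat = {"192.168.1.10": "198.51.100.7"}
    for sample in ("USER anonymous\r\n",
                   "PORT 192,168,1,10,19,137\r\n",
                   "227 Entering Passive Mode (203,0,113,5,195,80)\r\n"):
        print(inspect_line(sample, nat))
```

Without the rewrite in job 1, the server is told to connect back to a private address it cannot reach; without job 2, the data connection has no matching permit even though the control channel on port 21 is allowed.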

Author Comment

by:Ivan_Andrade
ID: 22732887
Hi, it is going from a higher level to a lower level as I can access all sites except FTP.

The configuration is huge and I want to put the information here, but what sections would you need from it? I am not too comfortable pasting all the configuration here but I can do certain sections if you want; which parts would work for you?
One more thing: when I do a ping to the site, for instance, I can always see the packets when I do the debug; however, when I go to it using FTP, I see no traffic passing through the firewall. With Internet Explorer it just hangs. With Firefox, it gets to the site but I am never prompted for a user ID and password. The issue seems to be that I never get prompted for authentication, but there are no errors in the debug.

Regarding fixup ftp, I tried running that command but it didn't do anything.
asaconfig.doc

Author Closing Comment

by:Ivan_Andrade
ID: 31506394
I am closing the account.

Question has a verified solution.
