Solved

I can't connect to FTP sites through the Cisco ASA 5510 firewall

Posted on 2008-10-15
Last Modified: 2013-11-08
I am having problems connecting to FTP sites going through the Cisco ASA 5510. I have all outbound traffic opened but it can't reach the site. The problem is with FTP sites, but for example the site I need to access now is: ftp://ftp.securityinnovation.com/. It should ask me for a user ID and password but it doesn't. I tested this from another location and it works. I have a NAT translation set up for my machine to an external address (because all internal addresses are set up with NAT to a DMZ zone). I can ping the FTP site but FTP can't connect, not through telnet or IE. I do a trace packet from the ASA but it fails, saying the access list is not allowing it, even though I have a rule to allow outgoing and incoming IP connections to that site.

Any ideas what the problem can be?
Question by:Ivan_Andrade
Accepted Solution

by:
stsonline earned 500 total points
ID: 22724932
If your firewall is configured to perform a hide (or dynamic) NAT, you shouldn't need to assign yourself another NAT, but it won't hurt if you did. Assuming you're going from a higher security level interface to a lower level one, and assuming you don't have a 'deny any any' entry, it should work. Would you post a sanitized version of your FW config, please?

Expert Comment

by:decoleur
ID: 22725405
Check to see that you don't need to inspect FTP traffic.

The quickest way to add it from config t is to type "fixup ftp".

Hope this helps,

-t
0
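One way to run the check suggested in the comment above against a sanitized config excerpt, as an added example that is not part of the original thread: the Python below reports whether an `inspect ftp` line sits in a policy map that a `service-policy` line actually applies. The sample config and all function names are constructed for illustration; it assumes ASA running-config syntax, where FTP inspection appears as `inspect ftp` under a policy map.

```python
import re

# Constructed, sanitized ASA running-config excerpt (not the poster's config).
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect sip
policy-map dmz_policy
 class inspection_default
  inspect ftp
service-policy global_policy global
"""

def parse_policy_maps(config):
    """Return {layer 3/4 policy-map name: set of inspected protocols}."""
    maps, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level command closes any open block
            m = re.match(r"policy-map (?!type )(\S+)$", line)
            current = maps.setdefault(m.group(1), set()) if m else None
        elif current is not None and line.startswith("inspect "):
            current.add(line.split()[1])  # "inspect ftp strict" -> "ftp"
    return maps

def applied_policy_maps(config):
    """Names of policy maps bound by a service-policy line."""
    return set(re.findall(r"^service-policy (\S+) (?:global|interface \S+)",
                          config, re.M))

def ftp_inspection_status(config):
    """Separate 'inspect ftp is written somewhere' from 'it is in effect'."""
    maps = parse_policy_maps(config)
    applied = applied_policy_maps(config)
    defined = sorted(name for name, protos in maps.items() if "ftp" in protos)
    active = [name for name in defined if name in applied]
    return {"defined_in": defined, "active_in": active, "enabled": bool(active)}

if __name__ == "__main__":
    print(ftp_inspection_status(SAMPLE_CONFIG))
```

In the constructed sample, `inspect ftp` exists only in a policy map that no `service-policy` applies, so the check reports it as not enabled.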
 

Author Comment

by:Ivan_Andrade
ID: 22732887
Hi, it is going from a higher level to a lower level, as I can access all sites except FTP.

The configuration is huge and I want to put the information here, but what sections would you need from it? I am not too comfortable pasting all the configuration here but I can do certain sections if you want; which parts would work for you?
One more thing: when I do a ping to the site, for instance, I can always see the packets when I do the debug; however, when I go to it using FTP, I see no traffic passing through the firewall. With Internet Explorer it just hangs. With Firefox, it gets to the site but I am never prompted for a user ID and password. The issue seems to be that I never get prompted for authentication, but there are no errors in the debug.

Regarding fixup ftp, I tried running that command but it didn't do anything.
asaconfig.doc

Author Closing Comment

by:Ivan_Andrade
ID: 31506394
I am closing the account.