Solved

FTP connection drops when using an FTP client

Posted on 2009-04-14
1
305 Views
Last Modified: 2013-12-09
Hi,
Using IIS as FTP server.  Sitting behind an ASA 5510. From the inside, all FTP functioanlity works fine.  From the outside: Can connect to FTP using low level client like windows command prompt.  Am able to put files and retrieve dirctory listing.  However when I use an FTP client, the client is not able to retrive directory listing and gets disconnected from the server.  On the ASA, both incoming FTP and FTP data is allowed.  I'm not a networking person so please reply in newbie language.  Below is the running config
ASA Version 7.2(2) 
!
hostname ciscoasa
domain-name default.domain.invalid
enable password e/B.SxSFWffDPrii encrypted
names
name 192.168.x.x Server4
!
interface Ethernet0/0
 nameif Inside
 security-level 100
 ip address 192.168.x.x 255.255.255.0 
!
interface Ethernet0/1
 nameif Outside
 security-level 0
 ip address x.x.x.x  255.255.255.x
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.x.x 255.255.255.0 
 management-only
!
passwd e/B.SxSFWffDPrii encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
access-list Outside_access_in extended permit tcp any interface Outside eq www 
access-list Outside_access_in extended permit tcp any interface Outside eq 8000 
access-list Outside_access_in extended permit icmp any any 
access-list Outside_access_in extended permit tcp any interface Outside eq ssh 
access-list Outside_access_in extended permit tcp any interface Outside eq smtp 
access-list Outside_access_in extended permit tcp any interface Outside eq https 
access-list Outside_access_in extended permit tcp any interface Outside eq ftp-data 
access-list Outside_access_in extended permit tcp any interface Outside eq ftp 
access-list rauantiques_splitTunnelAcl standard permit 192.168.x.x 255.255.255.0 
access-list Inside_nat0_outbound extended permit ip any 192.168.x.x 255.255.255.0 
pager lines 24
logging console debugging
logging monitor debugging
logging buffered debugging
logging asdm debugging
logging mail debugging
logging from-address xx@xx.com
logging recipient-address xx@xx.com level errors
logging queue 2048
logging host Inside 192.168.x.x
logging debug-trace
mtu Inside 1500
mtu Outside 1500
mtu management 1500
ip local pool VPN 192.168.x.1-192.168.x.254 mask 255.255.255.0
ip verify reverse-path interface Outside
ip audit name Attack_Policy attack action drop
ip audit name Information_Policy info action drop
ip audit interface Inside Information_Policy
ip audit interface Inside Attack_Policy
ip audit interface Outside Information_Policy
ip audit interface Outside Attack_Policy
ip audit signature 2000 disable
ip audit signature 2004 disable
no failover
monitor-interface Inside
monitor-interface Outside
monitor-interface management
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Inside
icmp permit any Outside
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (Outside) 101 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 101 0.0.0.0 0.0.0.0
nat (Outside) x. x.x.x.0 255.255.255.0
static (Inside,Outside) tcp interface www x. x.x.xwww netmask 255.255.255.255 
static (Inside,Outside) tcp interface smtp x. x.x.x smtp netmask 255.255.255.255 
static (Inside,Outside) tcp interface 8000 x. x.x.x 8000 netmask 255.255.255.255 
static (Inside,Outside) tcp interface ssh x. x.x.x ssh netmask 255.255.255.255 
static (Inside,Outside) tcp interface https x. x.x.xhttps netmask 255.255.255.255 
static (Inside,Outside) tcp interface ftp x. x.x.x ftp netmask 255.255.255.255 
access-group Outside_access_in in interface Outside
route Outside 0.0.0.0 0.0.0.0 x. x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy rauantiques internal
group-policy rauantiques attributes
 wins-server value x. x.x.x
 dns-server value x. x.x.x
 vpn-tunnel-protocol IPSec 
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value rauantiques_splitTunnelAcl
username user password fYlEpAtWJnS1QAz/ encrypted privilege 0
username user  password xbf0eci.L9L5uglP encrypted privilege 0
username user  password 05VeMFV0C.UNGVeb encrypted
username user  password eOpQITbgG0Yjb6SC encrypted
username user attributes
 vpn-group-policy group-name
username user  password QtMyOpE2oRyOBvpI encrypted
username user  password vlwYDlXXO13xuIYF encrypted
username user attributes
 password-storage enable
username user  password FuTVOkGzaQ0JNEHV encrypted
username user  password RXO/YnVONLEB.0f8 encrypted
username user  attributes
 password-storage enable
username user  password BS8Oyvw5wXIhSD87 encrypted privilege 0
username user  password 5AyCetolX9uV7Hbv encrypted
username user password b7oVpmDQHhLJZ46Y encrypted
username user password nY9fTifcyiIUjOVr encrypted
username user attributes
 password-storage enable
username user  password .htTxxdaIki.nd/U encrypted privilege 0
username user  password TC8ZGXszokzQG36Y encrypted
username user attributes
 vpn-group-policy group-name
username user password J9kEVfBS29so3IkM encrypted privilege 0
username user  password mA17QA7WOZkYNtre encrypted privilege 0
username user password BfV28gmkHUipz7db encrypted
username user  password At66XGsJDLX8dgJh encrypted
username user attributes
 password-storage enable
username user  password RujCWulEC1Qps.iK encrypted privilege 0
username user  attributes
 vpn-group-policy group-name
username user password y6f0V8tl0Nweem0I encrypted
http server enable
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto dynamic-map Outside_dyn_map 20 set pfs 
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group rauantiques type ipsec-ra
tunnel-group rauantiques general-attributes
 address-pool VPN
 default-group-policy rauantiques
tunnel-group group-name ipsec-attributes
 pre-shared-key *
telnet 0.0.0.0 0.0.0.0 Inside
telnet timeout 1440
ssh timeout 60
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
!
class-map global-class
 match port tcp eq www
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global-policy
 class global-class
  csc fail-open
!
service-policy global-policy global
prompt hostname context 
Cryptochecksum:0ec057a1728ee039ca14710681336505
: end

Open in new window

0
Comment
Question by:nkuo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 

Accepted Solution

by:
nkuo earned 0 total points
ID: 24140279
Hi, was able to resolve this.  had to issue a fixup protocal command.  
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question