nkuo
asked on
FTP connection drops when using an FTP client
Hi,
Using IIS as FTP server. Sitting behind an ASA 5510. From the inside, all FTP functionality works fine. From the outside: Can connect to FTP using a low-level client like the Windows command prompt. Am able to put files and retrieve a directory listing. However, when I use an FTP client, the client is not able to retrieve the directory listing and gets disconnected from the server. On the ASA, both incoming FTP and FTP data are allowed. I'm not a networking person, so please reply in newbie language. Below is the running config:
ASA Version 7.2(2)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password e/B.SxSFWffDPrii encrypted
names
name 192.168.x.x Server4
!
interface Ethernet0/0
 nameif Inside
 security-level 100
 ip address 192.168.x.x 255.255.255.0
!
interface Ethernet0/1
 nameif Outside
 security-level 0
 ip address x.x.x.x 255.255.255.x
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.x.x 255.255.255.0
 management-only
!
passwd e/B.SxSFWffDPrii encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
access-list Outside_access_in extended permit tcp any interface Outside eq www
access-list Outside_access_in extended permit tcp any interface Outside eq 8000
access-list Outside_access_in extended permit icmp any any
access-list Outside_access_in extended permit tcp any interface Outside eq ssh
access-list Outside_access_in extended permit tcp any interface Outside eq smtp
access-list Outside_access_in extended permit tcp any interface Outside eq https
access-list Outside_access_in extended permit tcp any interface Outside eq ftp-data
access-list Outside_access_in extended permit tcp any interface Outside eq ftp
access-list rauantiques_splitTunnelAcl standard permit 192.168.x.x 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.x.x 255.255.255.0
pager lines 24
logging console debugging
logging monitor debugging
logging buffered debugging
logging asdm debugging
logging mail debugging
logging from-address xx@xx.com
logging recipient-address xx@xx.com level errors
logging queue 2048
logging host Inside 192.168.x.x
logging debug-trace
mtu Inside 1500
mtu Outside 1500
mtu management 1500
ip local pool VPN 192.168.x.1-192.168.x.254 mask 255.255.255.0
ip verify reverse-path interface Outside
ip audit name Attack_Policy attack action drop
ip audit name Information_Policy info action drop
ip audit interface Inside Information_Policy
ip audit interface Inside Attack_Policy
ip audit interface Outside Information_Policy
ip audit interface Outside Attack_Policy
ip audit signature 2000 disable
ip audit signature 2004 disable
no failover
monitor-interface Inside
monitor-interface Outside
monitor-interface management
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Inside
icmp permit any Outside
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (Outside) 101 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 101 0.0.0.0 0.0.0.0
nat (Outside) x. x.x.x.0 255.255.255.0
static (Inside,Outside) tcp interface www x. x.x.xwww netmask 255.255.255.255
static (Inside,Outside) tcp interface smtp x. x.x.x smtp netmask 255.255.255.255
static (Inside,Outside) tcp interface 8000 x. x.x.x 8000 netmask 255.255.255.255
static (Inside,Outside) tcp interface ssh x. x.x.x ssh netmask 255.255.255.255
static (Inside,Outside) tcp interface https x. x.x.xhttps netmask 255.255.255.255
static (Inside,Outside) tcp interface ftp x. x.x.x ftp netmask 255.255.255.255
access-group Outside_access_in in interface Outside
route Outside 0.0.0.0 0.0.0.0 x. x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy rauantiques internal
group-policy rauantiques attributes
 wins-server value x. x.x.x
 dns-server value x. x.x.x
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value rauantiques_splitTunnelAcl
username user password fYlEpAtWJnS1QAz/ encrypted privilege 0
username user password xbf0eci.L9L5uglP encrypted privilege 0
username user password 05VeMFV0C.UNGVeb encrypted
username user password eOpQITbgG0Yjb6SC encrypted
username user attributes
 vpn-group-policy group-name
username user password QtMyOpE2oRyOBvpI encrypted
username user password vlwYDlXXO13xuIYF encrypted
username user attributes
 password-storage enable
username user password FuTVOkGzaQ0JNEHV encrypted
username user password RXO/YnVONLEB.0f8 encrypted
username user attributes
 password-storage enable
username user password BS8Oyvw5wXIhSD87 encrypted privilege 0
username user password 5AyCetolX9uV7Hbv encrypted
username user password b7oVpmDQHhLJZ46Y encrypted
username user password nY9fTifcyiIUjOVr encrypted
username user attributes
 password-storage enable
username user password .htTxxdaIki.nd/U encrypted privilege 0
username user password TC8ZGXszokzQG36Y encrypted
username user attributes
 vpn-group-policy group-name
username user password J9kEVfBS29so3IkM encrypted privilege 0
username user password mA17QA7WOZkYNtre encrypted privilege 0
username user password BfV28gmkHUipz7db encrypted
username user password At66XGsJDLX8dgJh encrypted
username user attributes
 password-storage enable
username user password RujCWulEC1Qps.iK encrypted privilege 0
username user attributes
 vpn-group-policy group-name
username user password y6f0V8tl0Nweem0I encrypted
http server enable
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map Outside_dyn_map 20 set pfs
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group rauantiques type ipsec-ra
tunnel-group rauantiques general-attributes
 address-pool VPN
 default-group-policy rauantiques
tunnel-group group-name ipsec-attributes
 pre-shared-key *
telnet 0.0.0.0 0.0.0.0 Inside
telnet timeout 1440
ssh timeout 60
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
!
class-map global-class
 match port tcp eq www
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global-policy
 class global-class
  csc fail-open
!
service-policy global-policy global
prompt hostname context
Cryptochecksum:0ec057a1728ee039ca14710681336505
: end
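
An added example, not part of the original post: a Python check that reads an ASA configuration and reports whether FTP is published to the outside without `inspect ftp` in an applied policy, the inspection that follows the data port negotiated by a passive-mode client. The first sample is an excerpt of the configuration above; the second is a constructed variant, and the function names and the `inspection_default` class it uses are assumptions of this example.

```python
import re

# Excerpt of the configuration posted above (addresses redacted as in the post).
POSTED = """\
access-list Outside_access_in extended permit tcp any interface Outside eq ftp-data
access-list Outside_access_in extended permit tcp any interface Outside eq ftp
static (Inside,Outside) tcp interface ftp x. x.x.x ftp netmask 255.255.255.255
class-map global-class
 match port tcp eq www
policy-map global-policy
 class global-class
  csc fail-open
service-policy global-policy global
"""

# Constructed variant, not from the post: an FTP inspection class added to the
# applied policy. Assumes a class-map named inspection_default is defined.
WITH_INSPECT = POSTED.replace(
    "service-policy", " class inspection_default\n  inspect ftp\nservice-policy", 1)

def published_tcp_services(cfg):
    """Services forwarded from the outside interface by static PAT entries."""
    return set(re.findall(r"^static \(\w+,\w+\) tcp interface (\S+)", cfg, re.M))

def inspections_in_force(cfg):
    """Map each policy-map bound by service-policy to the protocols it inspects."""
    policies, applied, current = {}, set(), None
    for raw in cfg.splitlines():
        words = raw.split()  # keyword-based, so lost indentation does not matter
        if not words:
            continue
        if words[0] == "policy-map":
            current = words[-1]
            policies[current] = set()
        elif words[0] in ("class-map", "service-policy", "!"):
            if words[0] == "service-policy":
                applied.add(words[1])
            current = None
        elif words[0] == "inspect" and current:
            policies[current].add(words[1])
    return {name: protos for name, protos in policies.items() if name in applied}

def audit_ftp(cfg):
    """Flag FTP published through PAT with no FTP inspection to follow PASV/PORT."""
    published = bool({"ftp", "21"} & published_tcp_services(cfg))
    inspected = any("ftp" in p for p in inspections_in_force(cfg).values())
    return {"ftp_published": published, "ftp_inspected": inspected,
            "needs_review": published and not inspected}
```
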