• Status: Solved

FTP through ASA 5510

I have an internal server (IP address running FileZilla FTP server.... I find the need for a client to be able to reach this server from outside via FTP... I have the public IP of that I will use as the static IP using
static (inside,Outside) netmask

I have also configured the access list to allow port 21 in to the public address using...
access-list Outside_access_in extended permit tcp any host eq 21

However, I'm not able to reach the FTP site from the outside... I know I probably need to open ports 1024 to 65000 because FTP uses random ports.... but is that the case?? I just need probably 2 people to be able to have access.... is there a way to get this done without opening every port???

1 Solution

You should do the following:

> that is for the nat
static (inside,outside) netmask

> access-list
access-list outside_access_in extended permit tcp any host eq ftp
access-list outside_access_in extended permit tcp any host eq ftp-data

> configure the policy inspection
policy-map global_policy
 class inspection_default
  inspect ftp

> apply the access-list to an interface
access-group outside_access_in in interface outside
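
The `inspect ftp` line in the configuration above is what removes the need to open ports 1024 and up: the firewall reads the data-channel address negotiated on the port 21 control connection and admits only that one connection. The sketch below is an added illustration, not part of the original answer and not Cisco's implementation; the function names and all addresses are constructed for the example.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried by PORT commands and 227 replies (RFC 959)
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(line):
    """Return (ip, port) from a PORT command or 227 reply, or None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = HOSTPORT.search(line)
    if m is None:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed field: do not guess
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def inspect_line(line, from_server, client_ip, real_ip, mapped_ip):
    """Model one control-channel line crossing the firewall.

    Returns (line_to_forward, pinhole); pinhole is (src_ip, dst_ip, dst_port)
    for the one data connection just negotiated, or None.
    """
    endpoint = parse_hostport(line)
    if endpoint is None:
        return line, None                      # ordinary command or reply
    ip, port = endpoint
    if from_server and line.startswith("227 "):
        if ip != real_ip:
            return None, None                  # server advertised a foreign address: drop
        # Passive mode: hide the inside address, admit only this client to this port.
        public = line.replace(real_ip.replace(".", ","), mapped_ip.replace(".", ","), 1)
        return public, (client_ip, mapped_ip, port)
    if not from_server and line.upper().startswith("PORT "):
        if ip != client_ip:
            return None, None                  # sketch policy: data must go back to the same client
        # Active mode: the server will connect out to the client's advertised port.
        return line, (real_ip, client_ip, port)
    return line, None

# Constructed sample values (documentation address ranges), not from the thread.
CLIENT, REAL, MAPPED = "198.51.100.7", "10.0.0.5", "192.0.2.10"

if __name__ == "__main__":
    for text, srv in [("USER alice", False),
                      ("227 Entering Passive Mode (10,0,0,5,195,80)", True),
                      ("PORT 198,51,100,7,4,1", False)]:
        print(inspect_line(text, srv, CLIENT, REAL, MAPPED))
```

The port is `p1 * 256 + p2`, so the constructed 227 reply above negotiates port 50000 and the pinhole covers that single port for that single client.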



Private port for FTP is port 21.
Public port for FTP is from 1024 to 65536 (here you have to choose one port to access from the public network).

Regarding access permission for limited users: when you are adding the folder to the FTP server, it asks you to create a user name and password. Create a user and a strong password and give them to the users to whom you want to give access to the FTP folder.
rhcellxion (Author) commented:
perfect... thanks
