• Status: Solved

FTP through ASA 5510

I have an internal server (IP address 10.0.0.4) running FileZilla FTP server... I find the need for a client to be able to reach this server from outside via FTP... I have the public IP of 200.200.200.200 that I will use as the static IP using
static (inside,Outside) 200.200.200.200 10.0.0.4 netmask 255.255.255.255

I have also configured the access list to allow port 21 in to the public address using...
access-list Outside_access_in extended permit tcp any host 200.200.200.200 eq 21

However, I'm not able to reach the FTP site from the outside... I know I probably need to open ports 1024 to 65000 because FTP uses random ports... but is that the case? I probably just need 2 people to be able to have access... Is there a way to get this done without opening every port?

thanks
Randy
rhcellxion
predragpetrovic Commented:
hi,

you should do the following:

> that is for the nat
static (inside,outside) 200.200.200.200 10.0.0.4 netmask 255.255.255.255

> access-list
access-list outside_access_in extended permit tcp any host 200.200.200.200 eq ftp
access-list outside_access_in extended permit tcp any host 200.200.200.200 eq ftp-data

> configure the policy inspection
policy-map global_policy
class inspection_default
inspect ftp

> apply the access-list to an interface
access-group outside_access_in in interface outside

predrag
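
Added illustration (not part of predragpetrovic's post and not Cisco's code): a simplified Python model of what `inspect ftp` does with a passive-mode reply on the control channel, which is why the ACL does not need a wide port range. The function name, the client address 198.51.100.7 and the sample 227 reply are constructed for this example.

```python
import re

# Addresses from the thread: the real server and its static public translation.
INSIDE_IP = "10.0.0.4"
PUBLIC_IP = "200.200.200.200"

# RFC 959 encodes a data endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
ENDPOINT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def inspect_pasv_reply(line, client_ip, inside_ip=INSIDE_IP, public_ip=PUBLIC_IP):
    """Hypothetical model of FTP inspection on one server-to-client control line.

    Returns (rewritten_line, pinhole); pinhole is None when nothing is opened.
    """
    if not line.startswith("227 "):
        return line, None                  # not a passive-mode reply
    m = ENDPOINT.search(line)
    if m is None:
        return line, None                  # malformed reply: open nothing
    octets = [int(g) for g in m.groups()]
    if any(o > 255 for o in octets):
        return line, None                  # out-of-range byte: open nothing
    ip = ".".join(str(o) for o in octets[:4])
    if ip != inside_ip:
        return line, None                  # endpoint is not the translated server
    port = octets[4] * 256 + octets[5]     # data port announced by the server
    # NAT fix-up: the client must see the public address, not 10.0.0.4.
    new_endpoint = public_ip.replace(".", ",") + f",{octets[4]},{octets[5]}"
    rewritten = line[:m.start()] + new_endpoint + line[m.end():]
    # Temporary permit for this one data connection from this one client.
    pinhole = {"src_ip": client_ip, "dst_ip": public_ip,
               "dst_port": port, "proto": "tcp"}
    return rewritten, pinhole


if __name__ == "__main__":
    reply = "227 Entering Passive Mode (10,0,0,4,195,80)"  # constructed sample
    print(inspect_pasv_reply(reply, "198.51.100.7"))
```

Without this rewrite the outside client would be told to connect to 10.0.0.4, which it cannot reach, and without the per-connection permit the data port would have to be opened statically.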

Hind987 Commented:
Hi,

Private port for FTP is port 21.
Public port for FTP is from 1024 to 65536 (here you have to choose one port to access from the public network).

Regarding access permission for limited users: when you are adding the folder to the FTP server, it asks you to create a user name and password. Create a user and a strong password and give them to the users to whom you want to give access to the FTP folder.
rhcellxion (Author) Commented:
perfect... thanks