
ASA5510 - How to allow access to ftp site over internet from just one client

Posted on 2009-12-30
Last Modified: 2013-12-02
I have an FTP site that is only accessed via a large private WAN that interconnects most of the hospitals and clinics in our area.  We now have a client in Alaska (I'm in Washington) that is not on this private WAN, but I need to give them access to our FTP site without making it completely public.  Site to Site VPN is not an option, nor is a client based VPN unless there is a way to have it always on.

I have the outside ip address of their gateway, so I am wondering if I can assign my FTP site an outside ip address that can only be accessed by their gateway ip address, and maybe put it on some obscure port.  Is this possible?  Thanks!

Mark
Question by:cansib
5 Comments
 
LVL 58

Accepted Solution

by:
Pete Long earned 1600 total points
ID: 26149440
You must have an IP address that they can see, be that either your public IP on the outside interface or a spare public IP address.

Option 1: use your existing outside IP and port forward FTP

name 192.168.1.10 myFTPsite
name 999.999.999.999 MY-Remote-FTP-person
! allow FTP to the outside interface only from the remote client
access-list inbound extended permit tcp host MY-Remote-FTP-person interface outside eq ftp
access-group inbound in interface outside
! port-forward FTP on the outside interface to the internal server
static (inside,outside) tcp interface ftp myFTPsite ftp netmask 255.255.255.255

Option 2: use a spare public IP address (123.123.123.123)

name 192.168.1.10 myFTPsite-internal
name 123.123.123.123 myFTPsite-external
name 999.999.999.999 MY-Remote-FTP-person
! allow FTP to the spare public address only from the remote client
access-list inbound extended permit tcp host MY-Remote-FTP-person host myFTPsite-external eq ftp
access-group inbound in interface outside
! one-to-one static NAT from the spare public address to the internal server
static (inside,outside) myFTPsite-external myFTPsite-internal netmask 255.255.255.255

After each, issue a clear xlate command, and save your hard work with a write mem command :)
0
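An added example (not part of the thread or any poster's code): a small Python audit that reads a pre-8.3 ASA configuration in the form used in Option 1 above and reports which sources each static port-forward is open to, so a leftover `any` permit stands out. The sample config, its documentation addresses and port 2121 are constructed; only the line forms shown in this thread are parsed.

```python
PORTS = {"ftp": "21"}  # ASA accepts port names; normalise the one used here

# Constructed sample in the thread's pre-8.3 syntax (documentation addresses).
SAMPLE = """\
name 192.168.1.10 myFTPsite
name 203.0.113.7 MY-Remote-FTP-person
access-list inbound extended permit tcp host MY-Remote-FTP-person interface outside eq ftp
access-list inbound extended permit tcp any interface outside eq 2121
access-group inbound in interface outside
static (inside,outside) tcp interface ftp myFTPsite ftp netmask 255.255.255.255
static (inside,outside) tcp interface 2121 myFTPsite ftp netmask 255.255.255.255
"""

def exposure(config, iface="outside"):
    """Map each static PAT published on iface to the sources its inbound ACL permits.
    Deny lines and rule order are ignored, so the result can only overstate exposure."""
    rows = [l.split() for l in config.splitlines() if l.strip()]
    names = {t[2]: t[1] for t in rows if t[0] == "name" and len(t) >= 3}
    bound = {t[1] for t in rows
             if t[0] == "access-group" and t[2:5] == ["in", "interface", iface]}

    def addr(tok):
        # Consume one address spec: any | host X | object-group G | interface IFC | net mask
        head = tok.pop(0)
        if head == "any":
            return "any"
        if head == "interface":
            tok.pop(0)
            return "interface"
        if head in ("host", "object-group"):
            head = tok.pop(0)
            return names.get(head, head)
        return names.get(head, head) + "/" + tok.pop(0)

    pats = {}
    for t in rows:
        if t[0] == "static" and t[1].endswith("," + iface + ")") and t[2] in ("tcp", "udp"):
            pats[(names.get(t[3], t[3]), PORTS.get(t[4], t[4]))] = set()
    for t in rows:
        if t[0] == "access-list" and t[1] in bound and t[2:4] == ["extended", "permit"]:
            rest = t[5:]
            src, dst = addr(rest), addr(rest)
            port = PORTS.get(rest[1], rest[1]) if rest[:1] == ["eq"] else "any"
            for mapped, mport in pats:
                if dst in (mapped, "any") and port in (mport, "any"):
                    pats[(mapped, mport)].add(src)
    return pats

def open_to_any(pats):
    """Published ports that at least one permit line opens to every source."""
    return sorted(k for k, srcs in pats.items() if "any" in srcs)
```

Running `open_to_any(exposure(SAMPLE))` flags the constructed port 2121 forward, while the FTP forward resolves to the single client address.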
 
LVL 32

Assisted Solution

by:rsivanandan
rsivanandan earned 400 total points
ID: 26160661
>>I have the outside ip address of their gateway, so I am wondering if I can assign my FTP site an outside ip address that can only be accessed by their gateway ip address, and maybe put it on some obscure port.  Is this possible?  Thanks!

Yes, you can do this without issues (just make sure with the client that they NAT out using that IP when they get out to the Internet). Then when you do the static NAT/port forwarding (with some obscure port would be a good idea), have an access-list allow access to that port only from their gateway IP. Done.

Cheers,
rsivanandan
0
 

Author Comment

by:cansib
ID: 26174102
Hi,

So does this look like it should work?

name <my-inside-ip> inside-ftp-site
name <client-outside-ip> Client-forFTP
name <outside-ip-for-my-ftp-site> FTP-External description FTP site external address
object-group service FTP2 tcp
 description FTP for outside access
 port-object eq <some-obscure-port>
access-list outside extended permit tcp host <client-outside-ip> host <outside-ip-for-my-ftp-site> object-group FTP2
! static PAT takes the port itself here; an object-group name is not accepted
static (inside,outside) tcp <outside-ip-for-my-ftp-site> <some-obscure-port> <my-inside-ip> ftp netmask 255.255.255.255
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 26177031
Yes.

Cheers,
rsivanandan
0
 

Author Closing Comment

by:cansib
ID: 31671411
Thanks!
0
