ASA 5510 on FTP Downloads "The address translation slot was deleted."

Posted on 2011-02-28
Medium Priority
Last Modified: 2012-05-11

I am putting a ASA5510 in front of a ISA Server 2004 with Websense and having a problem with downloading anything via FTP.

Here are my test results:
1) When I go out through a PC directly to the ASA I can download FTP files and all other web content.
2) When I go out through a PC directly to the ISA then out to the internet everything works fine.
3) When I go out through a PC directly to the ISA then through the firewall I can't download FTP files. All other web content works fine.

I receive the following errors from Test 3):


6      Feb 27 2011      23:31:51        20699      1538      Teardown dynamic TCP translation from inside: to FIOS:x.x.x.x(my public IP)/1538 duration 0:00:30

I'm doing NAT on my ASA and apparently on my ISA. I believe this is the issue. The ASA has a public IP. Between the inside ISA  port and outside ASA port I have a private nework with the range 172.20.2.x. The inside network where the PC's reside and inside port of the ISA are on 10.35.208.x
Question by:First Last
  • 3

Author Comment

by:First Last
ID: 34998918
Sorry - the ISA server is giving the following error on FTP downloads from IE:

ISA Server: extended error message :
200 Type set to I.
500 Illegal PORT Command


Expert Comment

ID: 34999273
You should try to turn on inspection of ftp-traffic in ASA.
If you have a global policy in tha ASA-config, just add "inspect ftp" to it.
Look for a command like "service-policy xxxx global" and add it there.

Here is how you add a global policy with ftp-inspection from scratch:

policy-map global_policy
 class inspection_default
  inspect ftp
service-policy global_policy global


Accepted Solution

First Last earned 0 total points
ID: 35007153
The Websense ISA Server isn't supposed to be inline with the Cisco ASA. I found this article below that describes how to use the url filtering feature of the ASA to reach out to Websense.

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question