Solved

allow passive FTP through ASA5510

Posted on 2013-01-23
Last Modified: 2013-01-23
Hey guys,

OK, so I've seen there are a few posts regarding this, and as I'm going through checking my configs, I can't seem to get this to work. The issue is most certainly that I'm not allowing passive ports through the firewall. My FTP client works fine internally, but externally it connects and authenticates to the server no problem, but when running the List command I get "failed to retrieve directory listing".

- How can I check if passive FTP is checked in inspect? I am using port 2121 for FTP due to port 21 already being used with this external address and forwarded to another PC.
- Also, I have enabled passive ports 60000 - 65535, but I'm obviously missing something.
- The FTP host is in my DMZ, so maybe that's part of the problem: I'm not setting up my ACL correctly?

What do you need from me to help?
0
Question by:regmandy
3 Comments
 

Author Comment

by:regmandy
ID: 38811066
Show class-map
class-map global-class
class-map class_ftp
class-map ftp-class
 match port tcp eq 2121
class-map inspection_default
 match default-inspection-traffic
class-map global-class1
 match access-list global_mpc
0
 

Author Comment

by:regmandy
ID: 38812067
Side note: when I have MasqueradeAddress turned on, internal or external won't work. When MasqueradeAddress is off, internal works, external doesn't. This is what maps the server to the public IP, so the issue has to be with my firewall rules not accepting the passive ports. I set the passive ports on the server to use 60000 - 60001.
0
 

Accepted Solution

by:
regmandy earned 0 total points
ID: 38812149
OK, I resolved it myself. The issue was most certainly the rules. By setting the port to a minimum 60000-60001 I just sent the proper port in the NAT rules for the correct interface and it seems to be working outside. It's not working inside, but I can mess with that in the morning. Possibly an issue with mapping the internal IP from the LAN to use the external IP in the passive mode.

tks all
0
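Added example, not part of the original thread: a check of the server's 227 (PASV) reply, which carries the address and data port (p1*256 + p2) the client will connect to for LIST. PUBLIC_IP and the sample replies are constructed placeholders; the 60000-60001 range is the one from the thread.

```python
import ipaddress
import re

# Constructed values for illustration; substitute your own.
PUBLIC_IP = "203.0.113.10"             # placeholder outside address (TEST-NET-3)
FORWARDED_PORTS = range(60000, 60002)  # 60000-60001, the range from the thread
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
_TUPLE = re.compile(
    r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) from '227 ... (h1,h2,h3,h4,p1,p2)', or None."""
    m = _TUPLE.search(reply) if reply.startswith("227") else None
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def diagnose(reply):
    """List the reasons an outside client's data connection would fail."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return ["not a well-formed 227 reply"]
    ip, port = parsed
    problems = []
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in RFC1918):
        # Server is advertising its DMZ address instead of the mapped one.
        problems.append(f"advertised {ip} is RFC 1918; unreachable from outside")
    elif ip != PUBLIC_IP:
        problems.append(f"advertised {ip} is not the public address {PUBLIC_IP}")
    if port not in FORWARDED_PORTS:
        problems.append(f"data port {port} is outside the forwarded range")
    return problems

if __name__ == "__main__":
    # Constructed sample replies, as seen in an FTP client's log window.
    for s in ("227 Entering Passive Mode (192,168,50,20,234,96)",
              "227 Entering Passive Mode (203,0,113,10,195,80)",
              "227 Entering Passive Mode (203,0,113,10,234,97)"):
        print(s, "->", diagnose(s) or "OK")
```

Run it against the 227 line from an external client's session log: a private address points at the server's masquerade setting, an out-of-range port points at the passive range or the NAT/ACL entries.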
