Solved

Problem FTP on ASA 5510 (port not standard)

Posted on 2014-10-30
Last Modified: 2014-10-30
Hi,

I configured a dedicated server (on my LAN) just for the FTP function.
I configured many FTP ports: 21, 2101, 2102, 2103, etc.

From my LAN, it works perfectly.

I configured a NAT translation on my ASA 5510 (with a rule which accepts all TCP connections).

From outside, it works on port 21,
but for the other ports, I always get an error message during the listing of the folder (timeout).

The problem is the ASA... somewhere it blocks the communication...

Can you help me?
Question by:Lemosa
LVL 12

Expert Comment

by:Fidelius
ID: 40412835
Hello,

As you didn't post the configuration, I assume you are missing FTP inspection on ports other than the standard 21/tcp.
So you need to do the following:

! Match the additional FTP control ports
class-map ftp_nonstandard
    match port tcp range 2101 2103
!
! Apply FTP inspection to that class in the existing global policy
policy-map global_policy
    class ftp_nonstandard
        inspect ftp
!

If 2103 is not the last port, replace it with the final port value.
0
 

Author Comment

by:Lemosa
ID: 40412853
Thanks

Just a question...

Must I replace this policy-map or add...

class-map inspection_default
  match default-inspection-traffic

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
0
 
LVL 12

Expert Comment

by:Fidelius
ID: 40412859
Just add class I suggested under same policy.
0
 
LVL 12

Accepted Solution

by:
Fidelius earned 2000 total points
ID: 40412862
So, it will look something like this:

class-map inspection_default
  match default-inspection-traffic
class-map ftp_nonstandard
  match port tcp range 2101 2103

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
 class ftp_nonstandard
  inspect ftp
0
 

Author Comment

by:Lemosa
ID: 40412927
It works.

Many thanks
0
