Solved

Problem FTP on ASA 5510 (port not standard)

Posted on 2014-10-30
Last Modified: 2014-10-30
Hi,

I configured a dedicated server (on my LAN) just for the FTP function.
I configured many FTP ports: 21, 2101, 2102, 2103, etc.

From my LAN, it works perfectly.

I configured a NAT translation on my ASA 5510 (with a rule which accepts all TCP connections).

From outside, it works on port 21,
but for the other ports, I always get an error message during the listing of the folder... (timeout)...

The problem is the ASA... somewhere it blocks the communication...

Can you help me?
Question by:Lemosa

Expert Comment

by:Fidelius
ID: 40412835
Hello,

As you didn't post the configuration, I assume you are missing FTP inspection on ports different than the standard 21/tcp.
So you need to do the following:

class-map ftp_nonstandard
    match port tcp range 2101 2103
!
policy-map global_policy
    class ftp_nonstandard
        inspect ftp
!

If 2103 is not the last port, replace it with the final port value.

Author Comment

by:Lemosa
ID: 40412853
Thanks

Just a question...

Must I replace this policy-map or add...

class-map inspection_default
  match default-inspection-traffic

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options

Expert Comment

by:Fidelius
ID: 40412859
Just add the class I suggested under the same policy.

Accepted Solution

by:
Fidelius earned 500 total points
ID: 40412862
So, it will look something like this:

class-map inspection_default
  match default-inspection-traffic
class-map ftp_nonstandard
  match port tcp range 2101 2103

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
 class ftp_nonstandard
  inspect ftp
0
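One way to check a saved ASA configuration for the gap fixed in this thread, as an added example that is not part of the thread or of any Cisco tooling: it lists FTP listener ports that no class carrying `inspect ftp` matches. It assumes a simplified parse that understands only `match default-inspection-traffic` (treated as tcp/21 for FTP) and `match port tcp eq|range`; the function names and the trimmed sample configs are constructed for illustration.

```python
import re

# Constructed input: the thread's policy (trimmed) before and after the fix.
BEFORE = """\
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect ftp
"""
AFTER = """\
class-map inspection_default
 match default-inspection-traffic
class-map ftp_nonstandard
 match port tcp range 2101 2103
policy-map global_policy
 class inspection_default
  inspect ftp
 class ftp_nonstandard
  inspect ftp
"""

def ftp_inspected_ports(config):
    """TCP ports matched by a class that has 'inspect ftp' in a policy-map."""
    class_ports, inspected, cmap, pclass = {}, set(), None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"class-map (\S+)$", line):
            cmap, pclass = m.group(1), None
            class_ports[cmap] = set()
        elif m := re.match(r"class (\S+)$", line):
            cmap, pclass = None, m.group(1)
        elif cmap and line == "match default-inspection-traffic":
            class_ports[cmap].add(21)  # for FTP the default is tcp/21 only
        elif cmap and (m := re.match(r"match port tcp eq (\d+)$", line)):
            class_ports[cmap].add(int(m.group(1)))
        elif cmap and (m := re.match(r"match port tcp range (\d+) (\d+)$", line)):
            lo, hi = map(int, m.groups())
            class_ports[cmap].update(range(lo, hi + 1))
        elif pclass and line == "inspect ftp":
            inspected |= class_ports.get(pclass, set())
    return inspected

def uninspected(config, listener_ports):
    """Listener ports whose control channel gets no FTP inspection."""
    return sorted(set(listener_ports) - ftp_inspected_ports(config))

if __name__ == "__main__":
    listeners = [21, 2101, 2102, 2103]  # ports named in the question
    print("before fix:", uninspected(BEFORE, listeners))
    print("after fix: ", uninspected(AFTER, listeners))
```

A port reported as uninspected is one where the ASA does not follow the FTP control channel, so the data connection used for directory listings is not opened, which matches the timeout described in the question.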
 

Author Comment

by:Lemosa
ID: 40412927
It works.

Many thanks