Problem FTP on ASA 5510 (port not stantard)

Hi,

I configured a dedicated server (on my LAN) just for the FTP function.
I configured many ftp ports, 21, 2101, 2102, 2103...etc...etc...

From my LAN, It works perfectly.

I configured a NAT translation on my ASA 5510. (with a rule which accepts all tcp connections)

From external, it works on the port 21,
but for the others ports,  I have always an error message during the listing of the folder...(timeout)...

The problem is the ASA...somewhere it blocks the communication....

Can you help me ?
LemosaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

FideliusCommented:
Hello,

As you didn't post configuration, I assume you are mising FTP inspection on ports different than standard 21/tcp.
So you need to do the following :

class ftp_nonstandard
    match port tcp range 2101 2103
!
policy-map global_policy
    class ftp_nonstandard
        inspect ftp
!

If 2103 is not last port, replace it with final port value.
0
LemosaAuthor Commented:
Thank

Just a question...

Must i replace this policy-map or add...

class-map inspection_default
  match default-inspection-traffic

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
0
FideliusCommented:
Just add class I suggested under same policy.
0
FideliusCommented:
So, it will look something like this:

class-map inspection_default
  match default-inspection-traffic
class ftp_nonstandard
    match port tcp range 2101 2103

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
class ftp_nonstandard
  inspect ftp
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
LemosaAuthor Commented:
it works..

Many thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.