Lemosa
Problem FTP on ASA 5510 (port not standard)
Hi,
I configured a dedicated server (on my LAN) just for the FTP function.
I configured many FTP ports: 21, 2101, 2102, 2103, etc.
From my LAN, it works perfectly.
I configured a NAT translation on my ASA 5510 (with a rule which accepts all TCP connections).
From external, it works on port 21,
but for the other ports, I always get an error message during the listing of the folder (timeout).
The problem is the ASA; somewhere it blocks the communication.
Can you help me?
ASKER
Thank
Just a question...
Must I replace this policy-map or add...
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
Just add class I suggested under same policy.
ASKER
it works..
Many thanks
As you didn't post configuration, I assume you are missing FTP inspection on ports different than standard 21/tcp.
So you need to do the following:
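! Class-map that matches the FTP control ports other than 21/tcp
class-map ftp_nonstandard
 match port tcp range 2101 2103
!
! Apply FTP inspection to that class in the existing global policy
policy-map global_policy
 class ftp_nonstandard
  inspect ftp
!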
If 2103 is not last port, replace it with final port value.
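Why the listing step is what times out, as an added example that is not part of the original thread: the directory listing travels over a second connection whose address and port the server announces in its 227/229 reply, and FTP inspection is what reads that reply on the firewall. The Python below assumes passive-mode clients (the thread does not say which mode is used); the function names, sample replies and addresses are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 PASV reply: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428 EPSV reply: 229 ... (|||port|), any delimiter character allowed
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def data_endpoint(reply, control_peer_ip):
    """Return the (ip, port) a client would dial for the data channel, or None."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed octet
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m and 0 < int(m.group(2)) < 65536:
        # EPSV carries only a port; the client reuses the control connection's address.
        return control_peer_ip, int(m.group(2))
    return None


def diagnose(reply, control_peer_ip):
    """Classify a passive-mode reply as captured on the outside of the firewall."""
    ep = data_endpoint(reply, control_peer_ip)
    if ep is None:
        return ("not-passive", None)
    addr = ipaddress.ip_address(ep[0])
    if any(addr in net for net in RFC1918):
        # Embedded LAN address reached the client: the reply was not rewritten in transit.
        return ("inside-address-leaked", ep)
    # Address is reachable, but the dynamic port still has to be permitted and translated.
    return ("dynamic-port-needed", ep)


# Constructed sample replies: 192.168.1.20 stands in for the server's LAN address,
# 203.0.113.10 for the translated outside address the client connected to.
SAMPLES = [
    "227 Entering Passive Mode (192,168,1,20,195,80)",
    "227 Entering Passive Mode (203,0,113,10,195,80)",
    "229 Entering Extended Passive Mode (|||50000|)",
    "226 Transfer complete",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r} -> {diagnose(line, '203.0.113.10')}")
```

A reply classified as `inside-address-leaked` in a client-side capture on one of the non-standard ports indicates the control connection on that port is not being inspected.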