Solved

Problem FTP on ASA 5510 (port not stantard)

Posted on 2014-10-30
5
405 Views
Last Modified: 2014-10-30
Hi,

I configured a dedicated server (on my LAN) just for the FTP function.
I configured many ftp ports, 21, 2101, 2102, 2103...etc...etc...

From my LAN, It works perfectly.

I configured a NAT translation on my ASA 5510. (with a rule which accepts all tcp connections)

From external, it works on the port 21,
but for the others ports,  I have always an error message during the listing of the folder...(timeout)...

The problem is the ASA...somewhere it blocks the communication....

Can you help me ?
0
Comment
Question by:Lemosa
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:Fidelius
ID: 40412835
Hello,

As you didn't post configuration, I assume you are mising FTP inspection on ports different than standard 21/tcp.
So you need to do the following :

class ftp_nonstandard
    match port tcp range 2101 2103
!
policy-map global_policy
    class ftp_nonstandard
        inspect ftp
!

If 2103 is not last port, replace it with final port value.
0
 

Author Comment

by:Lemosa
ID: 40412853
Thank

Just a question...

Must i replace this policy-map or add...

class-map inspection_default
  match default-inspection-traffic

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
0
 
LVL 12

Expert Comment

by:Fidelius
ID: 40412859
Just add class I suggested under same policy.
0
 
LVL 12

Accepted Solution

by:
Fidelius earned 500 total points
ID: 40412862
So, it will look something like this:

class-map inspection_default
  match default-inspection-traffic
class ftp_nonstandard
    match port tcp range 2101 2103

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
class ftp_nonstandard
  inspect ftp
0
 

Author Comment

by:Lemosa
ID: 40412927
it works..

Many thanks
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is about downgrading PIX Version 8.0(4) & ASDM 6.1(5) to PIX 7.2(4) and ASDM 5.2(4) but with only 64MB RAM and 16MB flash. Background: You have a Cisco Pix 515E which was running on PIX 7.2(4) and its supporting ASDM 5.2(4) without any i…
I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question