Solved

Problem FTP on ASA 5510 (port not stantard)

Posted on 2014-10-30
5
419 Views
Last Modified: 2014-10-30
Hi,

I configured a dedicated server (on my LAN) just for the FTP function.
I configured many ftp ports, 21, 2101, 2102, 2103...etc...etc...

From my LAN, It works perfectly.

I configured a NAT translation on my ASA 5510. (with a rule which accepts all tcp connections)

From external, it works on the port 21,
but for the others ports,  I have always an error message during the listing of the folder...(timeout)...

The problem is the ASA...somewhere it blocks the communication....

Can you help me ?
0
Comment
Question by:Lemosa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:Fidelius
ID: 40412835
Hello,

As you didn't post configuration, I assume you are mising FTP inspection on ports different than standard 21/tcp.
So you need to do the following :

class ftp_nonstandard
    match port tcp range 2101 2103
!
policy-map global_policy
    class ftp_nonstandard
        inspect ftp
!

If 2103 is not last port, replace it with final port value.
0
 

Author Comment

by:Lemosa
ID: 40412853
Thank

Just a question...

Must i replace this policy-map or add...

class-map inspection_default
  match default-inspection-traffic

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
0
 
LVL 12

Expert Comment

by:Fidelius
ID: 40412859
Just add class I suggested under same policy.
0
 
LVL 12

Accepted Solution

by:
Fidelius earned 500 total points
ID: 40412862
So, it will look something like this:

class-map inspection_default
  match default-inspection-traffic
class ftp_nonstandard
    match port tcp range 2101 2103

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
class ftp_nonstandard
  inspect ftp
0
 

Author Comment

by:Lemosa
ID: 40412927
it works..

Many thanks
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question