https://community.cisco.com/t5/network-security/ftp-on-asa-5510/m-p/2125114#M392768 <HTML><HEAD></HEAD><BODY><P>Hi karsten.iwen,</P><P>Config on Router:</P><P>R2911(config)#access-list 102 permit tcp any host 192.168.1.100 eq ftp</P><P>R2911(config)#access-list 102 permit tcp any host 192.168.1.100 eq ftp-data established</P><P>R2911(config)#access-list 102 permit tcp any any eq 21</P><P>R2911(config)#access-list 102 permit tcp any any eq 20</P><P>Config on ASA:</P><P>ASA5510(config)# policy-map global_policy</P><P>ASA5510(config-pmap)# class inspection_default</P><P>ASA5510(config-pmap-c)# inspect ftp</P><P><SPAN>when access from internet </SPAN><A class="jive-link-external-small" href="ftp://">ftp://</A><SPAN>"domain name"</SPAN></P><P> i see login-frompt but i can't enter username and password,when is use firefox it says "550 permission denied"</P><P>you try acccess:</P><P><A class="jive-link-external-small" href="ftp://atclohoi.com.vn">ftp://atclohoi.com.vn</A><SPAN> </SPAN></P><P>username: ftpadmin01 / password: 123456</P></BODY></HTML> Fri, 18 Jan 2013 03:26:21 GMT jerrybu01 2013-01-18T03:26:21Z https://community.cisco.com/t5/network-security/ftp-on-asa-5510/m-p/2125112#M392765 <P>I have the system: Internal &lt;--&gt; Switch &lt;---&gt; Router cisco 2911 &lt;---&gt; ASA 5510 &lt;---&gt; Modem</P><P>I built FTP server in internal, when i check FTP acccount in internal by IP FTP server --&gt;ok</P><P>So now i want to config FTP can access from internet. i have 1 IP static and domain, i also config already.</P><P>i config on ASA:</P><P>&nbsp;&nbsp;&nbsp; ASA5510(config)# policy-map global_policy</P><P></P><P>&nbsp;&nbsp; ASA5510(config-pmap)# class inspection_default</P><P></P><P>&nbsp;&nbsp; ASA5510(config-pmap-c)# inspect ftp</P><P>When i access FTP from internet i just see login, but i can't access</P><P>Help!!!!</P> Tue, 12 Mar 2019 00:47:38 GMT https://community.cisco.com/t5/network-security/ftp-on-asa-5510/m-p/2125112#M392765 jerrybu01 2019-03-12T00:47:38Z https://community.cisco.com/t5/network-security/ftp-on-asa-5510/m-p/2125113#M392767 <HTML><HEAD></HEAD><BODY><P>If you get the login-prompt but can't login, then the FTP control-channel is fine up to your server. You should see a logging-message on the server that gives you more info.</P><P></P><P>Or did you mean with "can't access" that you can login but you can't down- or upload files or can't do a directory-listing?</P><P>Then the data-channel doesn't work. In that case show the result of the following command:</P><P></P><P><SPAN style="font-family: 'courier new', courier;">asa# show service-policy</SPAN></P><P></P><P>and also the config of the router.</P><P></P><P></P><P></P><P>--&nbsp; <BR />Don't stop after you've improved your network! Improve the world by lending money to the working poor: <BR /><A class="jive-link-external-small" href="http://www.kiva.org/invitedby/karsteni" rel="nofollow">http://www.kiva.org/invitedby/karsteni</A></P></BODY></HTML> Wed, 16 Jan 2013 10:22:26 GMT https://community.cisco.com/t5/network-security/ftp-on-asa-5510/m-p/2125113#M392767 Karsten Iwen 2013-01-16T10:22:26Z https://community.cisco.com/t5/network-security/ftp-on-asa-5510/m-p/2125114#M392768 <HTML><HEAD></HEAD><BODY><P>Hi karsten.iwen,</P><P>Config on Router:</P><P>R2911(config)#access-list 102 permit tcp any host 192.168.1.100 eq ftp</P><P>R2911(config)#access-list 102 permit tcp any host 192.168.1.100 eq ftp-data established</P><P>R2911(config)#access-list 102 permit tcp any any eq 21</P><P>R2911(config)#access-list 102 permit tcp any any eq 20</P><P>Config on ASA:</P><P>ASA5510(config)# policy-map global_policy</P><P>ASA5510(config-pmap)# class inspection_default</P><P>ASA5510(config-pmap-c)# inspect ftp</P><P><SPAN>when access from internet </SPAN><A class="jive-link-external-small" href="ftp://">ftp://</A><SPAN>"domain name"</SPAN></P><P> i see login-frompt but i can't enter username and password,when is use firefox it says "550 permission denied"</P><P>you try acccess:</P><P><A class="jive-link-external-small" href="ftp://atclohoi.com.vn">ftp://atclohoi.com.vn</A><SPAN> </SPAN></P><P>username: ftpadmin01 / password: 123456</P></BODY></HTML> Fri, 18 Jan 2013 03:26:21 GMT https://community.cisco.com/t5/network-security/ftp-on-asa-5510/m-p/2125114#M392768 jerrybu01 2013-01-18T03:26:21Z https://community.cisco.com/t5/network-security/ftp-on-asa-5510/m-p/2125115#M392770 <HTML><HEAD></HEAD><BODY><P>Error 550 is caused by the server. You have to troubleshhot it there.<BR /><BR /><BR />Sent from Cisco Technical Support iPad App</P></BODY></HTML> Fri, 18 Jan 2013 06:50:26 GMT https://community.cisco.com/t5/network-security/ftp-on-asa-5510/m-p/2125115#M392770 Karsten Iwen 2013-01-18T06:50:26Z https://community.cisco.com/t5/network-security/ftp-on-asa-5510/m-p/2125116#M392774 <HTML><HEAD></HEAD><BODY><P>No, I used ftptest.net and i had a log file</P><P>(000027)1/23/2013 9:30:47 AM - (not logged in) (62.75.138.232)&gt; Connected, sending welcome message...</P><P>(000027)1/23/2013 9:30:47 AM - (not logged in) (62.75.138.232)&gt; 220-FileZilla Server version 0.9.41 beta</P><P>(000027)1/23/2013 9:30:47 AM - (not logged in) (62.75.138.232)&gt; 220 Test FTP for Lo Hoi</P><P><SPAN>(000027)1/23/2013 9:30:48 AM - (not logged in) (62.75.138.232)&gt; CLNT </SPAN><A class="jive-link-external-small" href="http://ftptest.net">http://ftptest.net</A><SPAN> on behalf of 113.176.64.22</SPAN></P><P>(000027)1/23/2013 9:30:48 AM - (not logged in) (62.75.138.232)&gt; 200 Don't care</P><P>(000027)1/23/2013 9:30:48 AM - (not logged in) (62.75.138.232)&gt; USER ftpuser01</P><P>(000027)1/23/2013 9:30:48 AM - (not logged in) (62.75.138.232)&gt; 331 Password required for ftpuser01</P><P>(000027)1/23/2013 9:30:48 AM - (not logged in) (62.75.138.232)&gt; PASS ******</P><P>(000027)1/23/2013 9:30:48 AM - ftpuser01 (62.75.138.232)&gt; 230 Logged on</P><P>(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)&gt; SYST</P><P>(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)&gt; 215 UNIX emulated by FileZilla</P><P>(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)&gt; FEAT</P><P>(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)&gt; 211-Features:</P><P>(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)&gt;&nbsp; MDTM</P><P>(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)&gt;&nbsp; REST STREAM</P><P>(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)&gt;&nbsp; SIZE</P><P>(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)&gt;&nbsp; MLST type*;size*;modify*;</P><P>(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)&gt;&nbsp; MLSD</P><P>(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)&gt;&nbsp; UTF8</P><P>(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)&gt;&nbsp; CLNT</P><P>(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)&gt;&nbsp; MFMT</P><P>(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)&gt; 211 End</P><P>(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)&gt; PWD</P><P>(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)&gt; 257 "/" is current directory.</P><P>(000027)1/23/2013 9:30:50 AM - ftpuser01 (62.75.138.232)&gt; TYPE I</P><P>(000027)1/23/2013 9:30:50 AM - ftpuser01 (62.75.138.232)&gt; 200 Type set to I</P><P>(000027)1/23/2013 9:30:50 AM - ftpuser01 (62.75.138.232)&gt; PASV</P><P>(000027)1/23/2013 9:30:50 AM - ftpuser01 (62.75.138.232)&gt; 227 Entering Passive Mode (113,176,64,22,195,83)</P><P>(000027)1/23/2013 9:30:50 AM - ftpuser01 (62.75.138.232)&gt; disconnected.</P><P></P><P>when i use webpage to test ftp, i had a results</P><P>Error: connection time out</P><P><A name="result" style="color: #000000; font-family: 'Times New Roman'; font-size: medium; background-color: #ffffff;"> <UL><LI>Timeouts are usually caused by some router and/or firewall that is interrupting the connection.</LI></UL></A></P><P><A name="result" style="color: #000000; font-family: 'Times New Roman'; font-size: medium; background-color: #ffffff;"> <UL><LI>Try uninstalling all firewalls and plug your computer directly into your modem, thus bypassing the router</LI></UL></A></P><P></P><P></P><P><A name="result" style="color: #000000; font-family: 'Times New Roman'; font-size: medium; background-color: #ffffff;"><BR /></A></P><P></P><P></P><P></P><P><A name="result" style="color: #000000; font-family: 'Times New Roman'; font-size: medium; background-color: #ffffff;"></A></P><P></P><P></P></BODY></HTML> Wed, 23 Jan 2013 02:59:34 GMT https://community.cisco.com/t5/network-security/ftp-on-asa-5510/m-p/2125116#M392774 jerrybu01 2013-01-23T02:59:34Z