https://community.cisco.com/t5/network-security/sftp-through-asa55xx-rule-nat-help/m-p/1649692#M566084 <HTML><HEAD></HEAD><BODY><P>All,</P><P></P><P>Thanks for the advice but I ahve now resolved the issue.&nbsp; It was related to user permissions for the FTP within AD</P><P></P><P>Thanks</P></BODY></HTML> Wed, 02 Mar 2011 16:05:42 GMT tinochelli 2011-03-02T16:05:42Z https://community.cisco.com/t5/network-security/sftp-through-asa55xx-rule-nat-help/m-p/1649688#M566080 <P>Hey All,</P><P></P><P>Looking for a bit off assistance with a strange issue i've inherited on a live VoIP network.&nbsp; The voice infrastructure is behind an ASA 5500 and i have a scheduled backup to run on a weekly basis.</P><P></P><P>Once it was set up it ran fine for a couple of weeks then started failing.&nbsp; I check the log on Solarwinds SFTP and the login credentials are authenticated and also says "Uploading file to..."</P><P></P><P>When I check on the Publisher backup screen it says: Failed to initiate backup. Unable to access SFTP server or SFTP server too slow to respond"</P><P><BR />When i connect locally to the FTP server its fine so my thinking is an issue with the ASA.&nbsp; See ACL and NAT below.</P><P></P><P>access-list 200 extended permit tcp host 172.16.80.130 10.16.80.0 255.255.255.0<BR />access-list 200 extended permit udp host 172.16.80.130 10.16.80.0 255.255.255.0<BR />access-list 200 extended permit icmp host 172.16.80.130 10.16.80.0 255.255.255.0</P><P><BR />access-list natd&nbsp; extended permit ip 10.16.80.0 255.255.255.0 host 172.16.80.130</P><P></P><P>static (Inside,Outside) 10.16.80.254 10.16.80.254 netmask 255.255.255.255</P><P></P><P>I have restarted the SFTP service.</P><P></P><P>As I said this was working so dont quite understand why it has stopped.&nbsp;&nbsp;&nbsp; Any suggestions greatly appreciated.</P><P></P><P>Cheers,</P> Mon, 11 Mar 2019 19:52:50 GMT https://community.cisco.com/t5/network-security/sftp-through-asa55xx-rule-nat-help/m-p/1649688#M566080 tinochelli 2019-03-11T19:52:50Z https://community.cisco.com/t5/network-security/sftp-through-asa55xx-rule-nat-help/m-p/1649689#M566081 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>have you altered your static NAT command because it looks weird, why do you want to nat statically from 10.16.80.254 to 10.16.80.254?</P><P>You should nat from your outside local to the inside local.</P><P></P><P>greets Martin</P></BODY></HTML> Fri, 18 Feb 2011 11:29:03 GMT https://community.cisco.com/t5/network-security/sftp-through-asa55xx-rule-nat-help/m-p/1649689#M566081 martin_knorre 2011-02-18T11:29:03Z https://community.cisco.com/t5/network-security/sftp-through-asa55xx-rule-nat-help/m-p/1649690#M566082 <HTML><HEAD></HEAD><BODY><P>Hi Martin,</P><P></P><P>Yeah its a translation to itself essentially.&nbsp; So it goes in as 10.16.80.254 and comes out as the same. When I check the logs on the SFTP server I can see 10.16.80.254 being successfully logged in.</P><P></P><P>Thanks </P></BODY></HTML> Fri, 18 Feb 2011 11:33:52 GMT https://community.cisco.com/t5/network-security/sftp-through-asa55xx-rule-nat-help/m-p/1649690#M566082 tinochelli 2011-02-18T11:33:52Z https://community.cisco.com/t5/network-security/sftp-through-asa55xx-rule-nat-help/m-p/1649691#M566083 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>There are a couple of troubleshooting steps that we can do. Please, take the logs from one FTP attempt in order to see the reason for the connection teardown.</P><P></P><P>We will take it from there.</P><P></P><P>Thanks</P><P></P><P>Mike</P></BODY></HTML> Sat, 19 Feb 2011 05:05:40 GMT https://community.cisco.com/t5/network-security/sftp-through-asa55xx-rule-nat-help/m-p/1649691#M566083 Maykol Rojas 2011-02-19T05:05:40Z https://community.cisco.com/t5/network-security/sftp-through-asa55xx-rule-nat-help/m-p/1649692#M566084 <HTML><HEAD></HEAD><BODY><P>All,</P><P></P><P>Thanks for the advice but I ahve now resolved the issue.&nbsp; It was related to user permissions for the FTP within AD</P><P></P><P>Thanks</P></BODY></HTML> Wed, 02 Mar 2011 16:05:42 GMT https://community.cisco.com/t5/network-security/sftp-through-asa55xx-rule-nat-help/m-p/1649692#M566084 tinochelli 2011-03-02T16:05:42Z