https://community.cisco.com/t5/network-security/ftp-on-alternate-port/m-p/1380503#M798547 <HTML><HEAD></HEAD><BODY><P>Have you check your routing? (Not VPN)</P><P></P><P>You can also try to put a <STRONG>deny ip any any log</STRONG> at the end of the incoming ACL and send all the log to a syslog server to inspect what else is being blocked.</P><P></P><P>Regards,</P><P>jerry</P></BODY></HTML> Thu, 31 Dec 2009 04:02:31 GMT Jerry Ye 2009-12-31T04:02:31Z https://community.cisco.com/t5/network-security/ftp-on-alternate-port/m-p/1380498#M798542 <P>I can't get through the firewall on port 5052. I'm using firezilla and it says that it does not recognize an unroutable address. it works over the vpn so it's something to do with the asa.</P> Mon, 11 Mar 2019 16:52:54 GMT https://community.cisco.com/t5/network-security/ftp-on-alternate-port/m-p/1380498#M798542 dlove 2019-03-11T16:52:54Z https://community.cisco.com/t5/network-security/ftp-on-alternate-port/m-p/1380499#M798543 <HTML><HEAD></HEAD><BODY><P>Do you have firewall rules opened for this port?</P><P></P><P>Regards,</P><P>jerry</P></BODY></HTML> Wed, 30 Dec 2009 23:20:29 GMT https://community.cisco.com/t5/network-security/ftp-on-alternate-port/m-p/1380499#M798543 Jerry Ye 2009-12-30T23:20:29Z https://community.cisco.com/t5/network-security/ftp-on-alternate-port/m-p/1380500#M798544 <HTML><HEAD></HEAD><BODY><P>Yes. A static and an access list.</P></BODY></HTML> Thu, 31 Dec 2009 00:02:20 GMT https://community.cisco.com/t5/network-security/ftp-on-alternate-port/m-p/1380500#M798544 dlove 2009-12-31T00:02:20Z https://community.cisco.com/t5/network-security/ftp-on-alternate-port/m-p/1380501#M798545 <HTML><HEAD></HEAD><BODY><P>Assuming static means static NAT. With limited information, I can only suggest two things.</P><P></P><P>1) Make sure all routing is correct when access through the firewall. Verify it with ping and traceroute</P><P>2) Remove FTP inspection (fixup) and re-test</P><P></P><P>Regards,</P><P>jerry</P></BODY></HTML> Thu, 31 Dec 2009 02:16:11 GMT https://community.cisco.com/t5/network-security/ftp-on-alternate-port/m-p/1380501#M798545 Jerry Ye 2009-12-31T02:16:11Z https://community.cisco.com/t5/network-security/ftp-on-alternate-port/m-p/1380502#M798546 <HTML><HEAD></HEAD><BODY><P>This is all I have right now. I tried removing inspect with no luck.</P><P></P><P>access-list incoming extended permit tcp any host 68.216.158.101 eq 5052 <BR />static (inside,outside) tcp 68.216.158.101 5052 192.168.1.171 5052 netmask 255.255.255.255</P></BODY></HTML> Thu, 31 Dec 2009 02:32:41 GMT https://community.cisco.com/t5/network-security/ftp-on-alternate-port/m-p/1380502#M798546 dlove 2009-12-31T02:32:41Z https://community.cisco.com/t5/network-security/ftp-on-alternate-port/m-p/1380503#M798547 <HTML><HEAD></HEAD><BODY><P>Have you check your routing? (Not VPN)</P><P></P><P>You can also try to put a <STRONG>deny ip any any log</STRONG> at the end of the incoming ACL and send all the log to a syslog server to inspect what else is being blocked.</P><P></P><P>Regards,</P><P>jerry</P></BODY></HTML> Thu, 31 Dec 2009 04:02:31 GMT https://community.cisco.com/t5/network-security/ftp-on-alternate-port/m-p/1380503#M798547 Jerry Ye 2009-12-31T04:02:31Z https://community.cisco.com/t5/network-security/ftp-on-alternate-port/m-p/1380504#M798548 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>If you wish to pass FTP traffic through your Firewall on NON STANDARD ports, then in order to make it work, please add the following MPF (modular Policy Framework) :-</P><P></P><P></P><P>Lets assume you have FTP server (1.1.1.1) on outside of your ASA , and you have clients in inside which needs to access the server. First of all, remove inspect ftp from global_policy and the proceed as follows for non std FTP inspection.</P><P></P><P>access-list FTP extended permit tcp any host 1.1.1.1 range 20 21</P><P>access-list FTP extended permit tcp&nbsp; host 1.1.1.1 any range 20 21</P><P></P><P>class-map class_ftp</P><P>match access-list FTP</P><P>!</P><P>Policy-map global_policy</P><P>class class_ftp</P><P>inspect ftp</P><P>!</P><P></P><P>service-policy global_policy global</P><P></P><P>HTH</P><P></P><P>Vijaya</P></BODY></HTML> Fri, 01 Jan 2010 21:01:05 GMT https://community.cisco.com/t5/network-security/ftp-on-alternate-port/m-p/1380504#M798548 vilaxmi 2010-01-01T21:01:05Z