topic Re: DMZ FTP server setup in Network Security

DMZ FTP server setup

ckuriyar74 — Mon, 11 Mar 2019 13:02:48 GMT

ASA 5510 with 8.0(3)

Iam trying to configure DMZ network and configure for FTP server access.

The FTP access is fine but when I configure DMZ interface to access from inside network, the FTP access from outside does not work.

The problem is that we can login to FTP site and unable to list folders & files and get the error message and also internet access will not work.

If I remove the access-group entry on DMZ interface FTP works fine and able to list folders & files and internet access works fine.

I have attached the config and can some one help me to resolve this issue.

Thanks,

Chandru

Re: DMZ FTP server setup

dhananjoy chowdhury — Mon, 23 Jun 2008 11:12:21 GMT

Hi,

check the following

1. Whether the FTP server is in Active or passive mode ?

2. what packets / traffic are getting dropped from FTP server to the client outside?

Re: DMZ FTP server setup

mohammed_moustafa — Mon, 23 Jun 2008 11:28:35 GMT

Hi dear,

The problem is mainly caused by the denial of reply back traffic comming from the your FTP server. so there are two sollutions: firest in the DMZ access list allow traffic from FTP server to any on FTP ports OR, configure traffic inspection, you can use the default ASA inspection:

class-map inspection_default

match default-inspection-traffic

policy-map global_policy

class inspection_default

inspect dns maximum-length 1500

inspect ftp

inspect h323 h225

inspect h323 ras

inspect netbios

inspect rsh

inspect rtsp

inspect skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

service-policy global_policy global

I'm sure this will help.

Best regards,

Re: DMZ FTP server setup

mohammed_moustafa — Tue, 24 Jun 2008 12:14:41 GMT

Hi,

how is it going with you, the problem is solved or what?

Re: DMZ FTP server setup

ckuriyar74 — Fri, 27 Jun 2008 07:25:14 GMT

Hi,

It solved my issue, just miised traffic inspection. 🙂