Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
539
Views
0
Helpful
1
Replies

Cisco ACE Source NAT passive FTP

joeharb
Level 5
Level 5

‎01-05-2015 10:05 AM

We are having issues getting ftp to work behind the ace in a routed environment with source nat.  The reservers gateway isn't the ace therefore we are natting all traffic to them from ace.  HTTP/Active FTP works without issue but Passive FTP doesn't work.

 

class-map match-any FTP_PASV_CLASS
  2 match virtual-address 10.27.13.122 tcp any
class-map match-all Nupoint_Colored_21
  2 match virtual-address 10.27.13.122 tcp eq ftp

 

policy-map multi-match L4_POLICY  (Client Facing)

 class Nupoint_Colored_21
    loadbalance vip inservice
    loadbalance policy L7_Nupoint_Colored_FTP
    loadbalance vip icmp-reply
    nat dynamic 1 vlan 944
    inspect ftp

policy-map multi-match L4_Inside_Policy (Server Facing)
  class FTP_PASV_CLASS
    nat dynamic 100 vlan 906

 

interface vlan 906

  nat-pool 100 10.27.13.122 10.27.13.122 netmask 255.255.255.255

  service-policy input L4_POLICY

interface vlan 944
  description Private
  service-policy input L4_Inside_Policy

  nat-pool 1 192.168.24.253 192.168.24.254 netmask 255.255.255.0 pat

 

Any suggestions?

 

Thanks,

 

Joe

 

 

 

Labels:
0 Helpful
1 Reply 1

Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎01-06-2015 10:00 AM

Hi Joe,

Is the nat happening correctly? Can you take a pcap on ACE itself and send it for analysis?

Regards,

Kanwal

Note: Please mark answers if they are helpful.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card