cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


623
Views
0
Helpful
4
Replies
Highlighted

ASA 5510 ftp traffic passing on 1 interface but not another

I have a 5510 running 8.4

FTP traffic routed from outside to the inside interface works fine.  I have another interface with multiple sub-interfaces and vlans configured.  FTP traffic routed from the outside to vlan2_servers is not making it through the firewall.  I must be missing something.  I have attached my config.  Any assistance would be greatly appreciated.

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions

ASA 5510 ftp traffic passing on 1 interface but not another

Hello Jennifer,

So you are trying to access the FTP server from the outside.

Can you change this:

object network FTPServer1

nat (any,outside) static xxx.xxx.xxx.105

to

object network FTPServer1

nat (vlan2,outside) static xxx.xxx.xxx.105

Please rate helpful posts.

Regard,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
4 REPLIES 4

ASA 5510 ftp traffic passing on 1 interface but not another

Hello Jennifer,

May I have some information related to this case:

-Where is the FTP server (Outside or Vlan2)

- Are you running passive FTP?

-What is the private ip address of the host on vlan 2

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

ASA 5510 ftp traffic passing on 1 interface but not another

Hi Julio,

Thanks for responding.

The FTP server is on vlan2

I am running passive FTP

The private address of the FTP server on vlan2 is 10.118.2.133

ASA 5510 ftp traffic passing on 1 interface but not another

Hello Jennifer,

So you are trying to access the FTP server from the outside.

Can you change this:

object network FTPServer1

nat (any,outside) static xxx.xxx.xxx.105

to

object network FTPServer1

nat (vlan2,outside) static xxx.xxx.xxx.105

Please rate helpful posts.

Regard,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

ASA 5510 ftp traffic passing on 1 interface but not another

That worked.  Thank you!