Re: Problem with interface PAT in ASA 8.4

esanvalero · ‎08-04-2012

Hi.

I've an ASA5505 running 8.4 firmware

I'm trying to configure access to an internal FTP server using the same IP address we have in the outside interface.

The configuration is as follows:

---------

object network FTP

host 192.168.125.32

object network FTP

nat (inside,outside) static interface service tcp ftp ftp

access-list outside_access_in line 3 extended permit tcp any object Fax eq ftp log default

---------

... But it doesn't work ...

If I use any other public accesible IP to do the NAT it works fine. For example:

---------

object network Fax

nat (inside,outside) static 44.44.44.44 service tcp ftp ftp

---------

So, is it not possible to use the outside interface of the ASA to redirect a port to an internal service??

gouravbathla · ‎08-05-2012

It is not correct

access-list outside_access_in line 3 extended permit tcp any object Fax eq ftp log default

it should be

access-list outside_access_in line 3 extended permit tcp any object FTP eq ftp log default

Try with this

Rate this if it is helpful..

esanvalero · ‎08-05-2012

Hi Gourav.

You are right. I made a mistake while copying the lines. But the problem persist with the changes you mention.

Sent from Cisco Technical Support iPhone App

gouravbathla · ‎08-05-2012

please provide your running config output .

epasqualotto · ‎07-22-2013

Hi, I've the same issue with FTP on outside interface (other IP works well). Have you found any workaround? I'm running on 8.4.6

Thanks

esanvalero · ‎08-05-2013

Hi.

I haven't found a solution. Finally I had to use other IP address than the one used by the outside interface.

Regards