08-13-2008 05:01 AM - edited 03-11-2019 06:30 AM
Hello Sir,
I have been working with an ASA 5510 for the last 2 weeks. 2 interfaces have been configured: one is outside and the other is inside. Everything is OK from outside; I can do telnet, FTP and HTTP, everything, from outside. But when I do FTP from inside to outside, I get a problem. The outside FTP server authenticates the user ID and password, but when I give any command like dir, get or put, it says "245 unable to open data connection". It seems the ASA is blocking something. What is happening, and what should I do about this?
Outside interface security level is set to 0 and inside interface security level is set to 100.
Can I get some help from you?
Regards,
Tuhin
Dhaka
08-13-2008 05:54 AM
Hello Tuhin
Try this
policy-map global_policy
 class inspection_default
  inspect ftp
Regards
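Why the data connection needs help from the firewall, as an added example that is not part of the original thread or any Cisco code: the FTP data port is negotiated inside the control channel (PORT command and 227 reply, RFC 959), so a stateful firewall has to read it to know which connection to allow. The function names, sample lines and addresses are constructed, and the client is assumed to be on the inside interface with the server outside, as in the question.

```python
import re

# h1,h2,h3,h4,p1,p2 host-port form used by PORT and the 227 reply (RFC 959)
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or 227 reply, else None."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        mode = "active"    # server will connect back to the client
    elif text.startswith("227"):
        mode = "passive"   # client will connect out to the server
    else:
        return None
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None        # malformed field: derive no endpoint from it
    return mode, ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_channels(control_lines, client_ip):
    """List (direction, ip, port) of each data connection the session sets up."""
    needed = []
    for line in control_lines:
        ep = data_endpoint(line)
        if ep is None:
            continue
        mode, ip, port = ep
        if mode == "active" and ip != client_ip:
            continue       # PORT naming another host: do not open a path for it
        direction = "outside->inside" if mode == "active" else "inside->outside"
        needed.append((direction, ip, port))
    return needed


# Constructed control-channel lines using documentation addresses
SAMPLE = [
    "USER demo",
    "PORT 192,0,2,10,19,137",
    "227 Entering Passive Mode (198,51,100,5,195,80)",
    "PORT 203,0,113,9,0,22",
]

if __name__ == "__main__":
    for channel in data_channels(SAMPLE, "192.0.2.10"):
        print(channel)
```

The active-mode entry is the one that arrives from the security-level 0 interface toward the security-level 100 interface, which is the direction the question describes as failing.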
08-13-2008 09:56 PM
Hello Sir,
Thanks for your reply. Now could you please do me another favor? I am trying to configure IPS. According to the Cisco doc, I have configured the following:
access-list IPS extended permit ip any any
class-map my-ips-class
 match access-list IPS
policy-map my-ips-policy
 class my-ips-class
  ips inline fail-close
service-policy my-ips-policy global
And all incoming traffic from outside should go to the IPS. How can I make sure that traffic is going to the IPS?
If I give a command like this:
sh service-policy global
it shows the following:
Global policy:
Service-policy: my-ips-policy
Class-map: my-ips-class
IPS: card status Up, mode inline fail-close
packet input 12119, packet output 12119, drop 0, reset-drop 0
Then I go to the IPS and enable signature definition number 2004 to deny ICMP echo request. In actions I chose deny packet inline, but I can still ping from outside to inside.
Please advise, sir, what to do.
Regards,
Tuhin.