Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
507
Views
0
Helpful
2
Replies

Beating my head against outgoing FTP problem

chad_bersche
Level 1
Level 1

‎10-08-2017 03:31 PM - edited ‎02-21-2020 06:27 AM

I've set up an ASA 5510 for our small business office.  I've got several systems behind the ASA (inside) that I have given access to (such as our email server, etc).  Those are all working just fine.  However, I can NOT get to FTP sites.  I've had no issues with other protocols, but I simply can not figure out what I've got incorrect in my config. 

When I run "show service policy inspect ftp" I see:

ciscoasa# show service-policy inspect ftp

Global policy:
  Service-policy: global_policy
    Class-map: inspection_default
      Inspect: ftp, packet 770, drop 0, reset-drop 0, v6-fail-close 0

 

The packets increment when I try to access FTP sites, but they ultimately don't connect.  Please help me figure this one out!

 

My Internet configuration is thru a single public IP, which is assigned by DHCP, and while it's 99.9% of the time never going to the change, the ISP won't guarantee it, so my Outside interface is set to DHCP.  Internal network is 172.18.X.Y/16.  

 

I could certainly use some help, as I've spent a significant bit of time trying to figure this out, to no avail.  I'm sure I'm doing something wrong that's obvious, but I'm just not catching it. My scrubbed config is attached.  Happy to provide debugging, though may need a bit of assist on just what to capture!

 

Thanks!

Labels:
Preview file
11 KB
0 Helpful
2 Replies 2

Flavio Miranda
VIP
VIP

‎10-09-2017 08:28 AM

Hello,

 I may missed it on the config file but I did not see any ACL permiting FTP traffic.

Is if from outside to inside, right?

0 Helpful

chad_bersche
Level 1
Level 1
In response to Flavio Miranda

‎10-09-2017 02:37 PM

Actually it was failing from inside to outside.  I THINK I've managed to get it working, and one of the oddities was that the particular user encountering the issue was trying to download a file from a support site using Microsoft Edge, which fails on FTP.  When I tried the same thing on Chrome, Firefox, or Filezilla, it works, so I'm thinking it's a specific issue with Edge.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card