10-08-2017 03:31 PM - edited 02-21-2020 06:27 AM
I've set up an ASA 5510 for our small business office. I've got several systems behind the ASA (inside) that I have given access to (such as our email server, etc). Those are all working just fine. However, I can NOT get to FTP sites. I've had no issues with other protocols, but I simply can not figure out what I've got incorrect in my config.
When I run "show service policy inspect ftp" I see:
ciscoasa# show service-policy inspect ftp
Global policy:
Service-policy: global_policy
Class-map: inspection_default
Inspect: ftp, packet 770, drop 0, reset-drop 0, v6-fail-close 0
The packets increment when I try to access FTP sites, but they ultimately don't connect. Please help me figure this one out!
My Internet configuration is thru a single public IP, which is assigned by DHCP, and while it's 99.9% of the time never going to the change, the ISP won't guarantee it, so my Outside interface is set to DHCP. Internal network is 172.18.X.Y/16.
I could certainly use some help, as I've spent a significant bit of time trying to figure this out, to no avail. I'm sure I'm doing something wrong that's obvious, but I'm just not catching it. My scrubbed config is attached. Happy to provide debugging, though may need a bit of assist on just what to capture!
Thanks!
10-09-2017 08:28 AM
Hello,
I may missed it on the config file but I did not see any ACL permiting FTP traffic.
Is if from outside to inside, right?
10-09-2017 02:37 PM
Actually it was failing from inside to outside. I THINK I've managed to get it working, and one of the oddities was that the particular user encountering the issue was trying to download a file from a support site using Microsoft Edge, which fails on FTP. When I tried the same thing on Chrome, Firefox, or Filezilla, it works, so I'm thinking it's a specific issue with Edge.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide