Cannot FTP to server from outside the network - Cisco 2951 Zone-Based Firewall

Vishal.Seetal
Level 1

Hi all,

I have a Cisco 2951 Router on which I configured rules for the Zone-Based Firewall. I have an FTP server inside my network and I have allowed hosts from the internet to connect to it through the router. They are, however, not able to connect, or they are connecting but they cannot transfer files. I checked the logs on the router and the error message is as follows:

%FW-6-DROP_PKT: Dropping tcp session xx.xx.xx.xx:21 xx.xx.xx.xx:21766 on zone-pair ccp-zp-out-in class FTPInbound due to  Invalid Seq# with ip ident 0

I would really appreciate if anyone can help me fix this issue.

Thanks.

7 Replies

Julio Carvajal
VIP Alumni

Hello Chundunsing,

The ZBFW is already letting us know that the packets are being dropped due to an invalid sequence number, so the TCP communication between the client and the server is not respecting or following the protocol.

Have you tried from a different host on the outside?

Regards,

Julio

Rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi Julio,

Thank you for your reply. Yes, I tried from two different IP addresses with two different computers. It still gives me the same error. Actually, I am able to connect to the FTP server. I am able to start transferring files, but when it comes to 99% of the transfer, I get disconnected. Do you think it has something to do with MTU? I disabled ip virtual-reassembly on my WAN and LAN interfaces, but I still get the same logs on the router and my FTP connection remains the same.

Thanks for your help.

Regards,

Vishal

Hello,

Is there a way you could post your configuration?

Also what version are you running?

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi julio,

I raised this issue with TAC and I got an engineer to work with me. We couldn't find any fault on the router though. He says it could be with the ftp server itself not accepting packets from the ftp client. I will need to further troubleshoot this.

By the way, could you please let me know how I can assign different public IP addresses to my WAN interface? I have two servers in my network, one with IP 10.17.0.11 and the other with IP 10.17.0.20. Different users from outside will connect to different servers on different public IP addresses.

Thank you Julio.

Regards,

Vishal

Thank you for your reply Julio. I'll do it tomorrow when I get back to work. I have actually configured NAT from inside to outside to allow connections to an internal server with IP address 10.17.0.11 on public IP address 121.200.237.164. The physical IP address of the WAN interface is 121.200.237.163. I also configured an access list permitting a group of users to connect to the internal server. It worked earlier but now it's not working. I have probably made some changes while further configuring the router and that may have caused it to stop working. I'll post the configs tomorrow morning.

Thank you.

Kind regards,

Vishal


Hello,

So you have done a static one-to-one translation from the FTP server to the outside to a different public IP address, that is great.

Now you told me you also configured an ACL for the outside interface (inbound direction).

I would like to know from which IP address you are trying to connect, and also I would like to see the config.

I will wait for that.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi Julio,

Sorry I couldn't get back to you earlier. Had tons of things to do. Regarding the FTP issue, I would like to mention that I used Cisco Configuration Professional to configure the router and the firewall rules. Well, I created firewall rules by first creating an ACL, then using that ACL in a Class-map, then associating that Class-map with a Policy-map and using that Policy-map in a service-map. Well, it didn't work for FTP. It did work fine for other services. I'm thinking it is because of the two channels used by FTP, the control channel and the data channel. The way I worked around this issue was to delete that class-map and ACL for FTP. Then, I edited the firewall by going to Configure > Security > Firewall > Firewall > Edit Firewall Rules.

I added a new firewall rule in the outzone-inzone zone-pair which allows external users to connect to the ftp server in the local network.

I think this could be a shortcoming of Cisco Configuration Professional. I also noticed that when I make changes using CCP, sometimes it doesn't work and that creates conflicts on the router.

Anyway this issue is solved now and I thank you for your kind support.

Kind regards,

Vishal
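The procedure the thread walks through (static one-to-one NAT for the internal servers, an ACL for the permitted clients, a class-map, a policy-map and the service-policy on the out-to-in zone pair) written out as IOS CLI. This is an added example, not the configuration posted by either participant or generated by CCP. The server addresses 10.17.0.11 and 10.17.0.20 and the public addresses 121.200.237.163/164 are taken from the thread; the interface names, subnet masks, LAN gateway address, the second public address 121.200.237.165, the zone and class names, and the client ranges (RFC 5737 documentation prefixes) are assumptions. The point the thread reaches empirically is made explicit here: a class that matches FTP only by an ACL on port 21 has the inspect engine track the control session alone, while `match protocol ftp` turns on the FTP application inspection that reads PORT/PASV and opens the data-channel pinhole.

```cisco
! Security zones; each interface belongs to exactly one zone.
zone security in-zone
zone security out-zone
!
interface GigabitEthernet0/0
 description WAN (assumed interface name and mask)
 ip address 121.200.237.163 255.255.255.248
 ip nat outside
 zone-member security out-zone
!
interface GigabitEthernet0/1
 description LAN (assumed interface name, gateway and mask)
 ip address 10.17.0.1 255.255.255.0
 ip nat inside
 zone-member security in-zone
!
! Static one-to-one NAT: each internal server gets its own public address.
! The extra public addresses are NOT configured as secondary addresses on
! the WAN interface; the router answers ARP for them as NAT entries.
! 121.200.237.165 for the second server is an assumption.
ip nat inside source static 10.17.0.11 121.200.237.164
ip nat inside source static 10.17.0.20 121.200.237.165
!
! Permitted external FTP clients (assumed addresses). For traffic entering
! from the outside zone the inspect policy sees the packet after the
! destination has been translated, so the ACL names the private address.
ip access-list extended FTP-CLIENTS
 permit tcp host 203.0.113.10 host 10.17.0.11 eq ftp
 permit tcp 198.51.100.0 0.0.0.255 host 10.17.0.11 eq ftp
!
! match-all: the packet must match the ACL AND be recognised as FTP.
! "match protocol ftp" is what makes the inspect engine follow the control
! channel and open the data channel (active or passive) automatically;
! an ACL-only class would treat the data connection as a new, unrelated
! inbound TCP session and drop it.
class-map type inspect match-all FTP-IN
 match access-group name FTP-CLIENTS
 match protocol ftp
!
policy-map type inspect OUT-IN
 class type inspect FTP-IN
  inspect
 class class-default
  drop log
!
! Apply the policy on the out-to-in zone pair. Return traffic for inspected
! sessions is allowed statefully; no separate in-to-out rule is needed for it.
zone-pair security out-in source out-zone destination in-zone
 service-policy type inspect OUT-IN
```

To confirm that the data channel is being tracked rather than dropped, `show policy-map type inspect zone-pair out-in sessions` should list the control session on port 21 and, during a transfer, a second session on the negotiated data port; a transfer that stalls near the end with `%FW-6-DROP_PKT` messages against the FTP class is the symptom of the data channel not being associated with its control session.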
