cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
859
Views
0
Helpful
3
Replies

Cannot use FTP Passive/Active of ASA5505

Ratatapaa
Level 1
Level 1

Hi we establshed a  VPN for work and we have 1 mini problems.

Users cannot download some files from a FTP in a software over VPN

Explanation users work with a program and inside the program they download claim (the software goes to the FTP and download the file)

But the program returns an error 3018 in FTPGET.

If the user goes to the old PPTP VPN it works like a charm  so the problem is the Cisco VPN.

I cannot post my complete config but we use the filter vpn value to associate a special access-list to a user.

The user that has this problem has this as an access-list.

access-list 201 extended ip permit 10.250.128.0 255.255.255.0 192.168.202.0 255.255.255.0

I've made some research and i've added this info

policy-map global_policy

class inspection_default

Inspection ftp

Still doesn't work.

I have to  add that normally the internal network is 2.0 and not 202.0 but since we have user with 2.0 at home we had to do this.

So when a user sends a request to 202. the cisco fowards it to the Juniper inside the network and it translate it back to 2.0

Also that is the ONLY thing that doesn't work.  The client can work all day on that program and it will work #1 exept when she does the claims

I am also been working on this VPN for 2-3 months without any problems.

Thanks

3 Replies 3

Maykol Rojas
Cisco Employee
Cisco Employee

Hi,

Can you take a capture simultaneously on the server and the client using wireshark?

Mike

Mike

No because the server is not ours and the company is like  No way don't touch our stuff if it works with the PPTP it works with your cisco, don't put us in the problem blah blah blah.

Could try for the client

Mmmm, I see, well, at least can you take the capture on the client side? That something you control right?

Mike

Mike
Review Cisco Networking for a $25 gift card