11-12-2008 01:52 AM - edited 03-11-2019 07:12 AM
Hello a customer of us have a Cisco Router 878 and WS_FTP Server 7.
I have problems with contacting the server when I set up a connection I get the message from my server and he asks for my login credentials after I typed in de credentials the connection wil lost with the FTP Server.
I have already contact Ipswitch the manufacturer of WS_FTP Server they tell me that server is goog configured because it works in my internal LAN.
In the router I have configured the ports for FTP and I have also tried to set up a external IP adres with no firewall rules but that would work either. I hope someone can help me if you wish I can but my configuration online.
11-18-2008 02:58 PM
Verify ACL configuration on router. To start FTP server with, activate ftp server write-enable that is deactivated in your config in the router.
11-19-2008 11:13 AM
I have tried the command that you give but I can't type it in. I will post the configuration maybe you can see something.
hostname router01
!
enable secret [PASSWORD]
!
ip cef
ip inspect name FIREWALL cuseeme
ip inspect name FIREWALL h323
ip inspect name FIREWALL netshow
ip inspect name FIREWALL rcmd
ip inspect name FIREWALL realaudio
ip inspect name FIREWALL rtsp
ip inspect name FIREWALL smtp
ip inspect name FIREWALL sqlnet
ip inspect name FIREWALL streamworks
ip inspect name FIREWALL tftp
ip inspect name FIREWALL tcp
ip inspect name FIREWALL udp
ip inspect name FIREWALL vdolive
ip inspect name FIREWALL icmp
ip inspect name FIREWALL dns
ip inspect name FIREWALL https
ip inspect name FIREWALL imap
ip inspect name FIREWALL pop3
ip inspect name FIREWALL ftp
no ip bootp server
ip domain name [DOMAIN-NAME]
ip name-server [DNS-SERVER]
ip name-server [DNS-SERVER]
!
username [USERNAME] privilege 15 secret [PASSWORD]
!
interface ATM0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
pvc 2/32
oam-pvc manage 3
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
no cdp enable
!
interface FastEthernet1
shutdown
no cdp enable
!
interface FastEthernet2
shutdown
no cdp enable
!
interface FastEthernet3
shutdown
no cdp enable
!
interface Vlan1
description Ethernet LAN
ip address 10.0.90.200 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
hold-queue 100 out
!
interface Dialer0
ip address [IP-PUBLIC] 255.255.255.248
ip access-group infilter in
ip inspect FIREWALL out
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip mroute-cache
dialer pool 1
no cdp enable
ppp authentication pap chap callin
ppp chap hostname [WAN-USERNAME]
ppp chap password [WAN-PASSWORD]
ppp pap sent-username [WAN-USERNAME] password [WAN-PASSWORD]
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source static tcp [IP-SERVER] 1024 interface Dialer0 1024
ip nat inside source static tcp [IP-SERVER] 888 interface Dialer0 888
ip nat inside source static tcp [IP-SERVER] 443 interface Dialer0 443
ip nat inside source static tcp [IP-SERVER] 25 interface Dialer0 25
ip nat inside source static tcp [IP-SERVER] 21 interface Dialer0 21
ip nat inside source static tcp [IP-SERVER] 990 interface Dialer0 990
ip nat inside source static tcp [IP-SERVER] 20 interface Dialer0 20
ip nat inside source route-map nonat interface Dialer0 overload
!
ip access-list extended infilter
permit udp any any eq ntp
permit tcp any any eq 123
permit tcp any any eq 443
permit tcp any any eq smtp
permit tcp any any eq ftp
permit tcp any any eq 990
permit tcp any any eq ftp-data
permit tcp any any eq 22
permit tcp any any eq 1723
permit gre any any
permit esp any any
permit icmp any any unreachable
permit icmp any any echo-reply
permit icmp any any packet-too-big
permit icmp any any time-exceeded
permit icmp any any traceroute
permit icmp any any administratively-prohibited
permit icmp any any echo
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip host 255.255.255.255 any
deny ip host 0.0.0.0 any
evaluate racl
deny ip any any log
!
access-list 1 permit 10.0.90.0 0.0.0.255
access-list 1 permit 192.168.101.0 0.0.0.255
access-list 1 deny any log
access-list 106 remark ----------------------
access-list 106 remark + access-list no nat +
access-list 106 permit ip 10.0.90.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run!
!
route-map nonat permit 10
match ip address 106
11-19-2008 12:13 PM
I have found the problem of the FTP Server. On the server where the FTP software is installed there was running RRAS that now longer was in use when I disabled it the FTP Server works.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide