configure NAT rules to allow inside DMZ (FTP server) outside access

sholiday666
Level 1

I cannot access anything outside the internal network from the FTP server. How do I configure my ASA 5500 to allow the server outside access? I cannot ping or access the internet.


interface Ethernet0/0

nameif outside

security-level 0

ip address 209.117.141.85 255.255.255.224

!

interface Ethernet0/1

nameif inside

security-level 100

ip address 10.1.255.254 255.255.255.248

!

interface Ethernet0/2

nameif dmz

security-level 50

ip address 10.2.2.1 255.255.255.0

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

!

boot system disk0:/asa804-k8.bin

ftp mode passive

clock timezone MDT -7

clock summer-time MDT recurring

dns domain-lookup outside

dns server-group DefaultDNS

name-server 4.2.2.1

name-server 10.1.1.25

name-server 10.1.1.26

domain-name mjfirm.com

dns server-group clientgroup

name-server 10.1.1.25

name-server 10.1.1.26

dns server-group vpnclients

name-server 10.1.1.25

name-server 10.1.1.26

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

access-list inbound extended permit tcp any host 209.117.141.83 eq www

access-list inbound extended permit tcp any host 209.117.141.83 eq https

access-list inbound extended permit tcp any host 209.117.141.83 eq ftp

access-list inbound extended permit tcp any host 209.117.141.83 eq ftp-data

access-list inbound extended permit tcp any host 209.117.141.83 eq ssh

access-list inbound extended permit tcp any host 209.117.141.84 eq imap4

access-list inbound extended permit tcp any host 209.117.141.84 eq pop3

access-list inbound extended permit tcp any host 209.117.141.84 eq www

access-list inbound extended permit tcp any host 209.117.141.84 eq https

access-list inbound extended permit tcp any host 209.117.141.84 eq smtp

access-list inbound extended permit icmp any any

access-list inbound remark MMS-1755

access-list inbound extended permit tcp any eq 1755 host 209.117.141.83

access-list inbound remark MMS-UDP

access-list inbound extended permit udp any eq 1755 host 209.117.141.83 inactive

access-list dmz extended permit tcp host 10.2.2.2 host 10.1.1.11 eq smtp

access-list dmz extended permit tcp host 10.2.2.2 host 10.1.1.50 eq 8777

access-list nonat extended permit ip 10.1.0.0 255.255.0.0 172.16.22.0 255.255.255.0

access-list nonat extended permit ip 10.1.10.0 255.255.255.0 10.0.0.0 255.255.255.0

access-list nonat extended permit ip 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0

access-list nonat extended permit ip 10.1.10.0 255.255.255.0 10.1.8.0 255.255.255.0

access-list nonat extended permit ip 10.1.1.0 255.255.255.0 10.1.8.0 255.255.255.0

access-list nonat extended permit ip any 172.16.22.0 255.255.255.0

access-list vpnsplit extended permit ip 10.1.0.0 255.255.0.0 172.16.22.0 255.255.255.0

access-list encrypt_acl extended permit ip 10.1.10.0 255.255.255.0 10.0.0.0 255.255.255.0

access-list encrypt_acl extended permit ip 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0

access-list global_mpc extended permit tcp any any

access-list encrypt_acl-30 extended permit ip 10.1.10.0 255.255.255.0 10.1.8.0 255.255.255.0

access-list encrypt_acl-30 extended permit ip 10.1.1.0 255.255.255.0 10.1.8.0 255.255.255.0

pager lines 24

logging enable

logging asdm informational

mtu outside 1500

mtu inside 1500

mtu dmz 1500

mtu management 1500

ip local pool vpnpool 172.16.22.1-172.16.22.254 mask 255.255.255.0

icmp unreachable rate-limit 1 burst-size 1

icmp permit any inside

asdm image disk0:/asdm-61551.bin

no asdm history enable

arp timeout 14400

global (outside) 10 209.117.141.82 netmask 255.255.255.0

global (inside) 10 interface

global (dmz) 10 interface

nat (inside) 0 access-list nonat

nat (inside) 10 0.0.0.0 0.0.0.0

nat (dmz) 10 0.0.0.0 0.0.0.0

static (dmz,outside) 209.117.141.83 10.2.2.2 netmask 255.255.255.255

static (inside,outside) 209.117.141.84 10.1.1.11 netmask 255.255.255.255

static (dmz,inside) 10.2.2.2 10.2.2.2 netmask 255.255.255.255

static (inside,dmz) 10.1.1.11 10.1.1.11 netmask 255.255.255.255

static (inside,dmz) 10.1.1.50 10.1.1.50 netmask 255.255.255.255

access-group inbound in interface outside

access-group dmz in interface dmz

route outside 0.0.0.0 0.0.0.0 209.117.141.81 1

route inside 10.1.0.0 255.255.0.0 10.1.255.249 1

route outside 10.1.8.0 255.255.255.0 209.117.141.81 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

aaa-server vpn protocol radius

aaa-server vpn (inside) host 10.1.1.25

key -->*2009a

aaa-server vpn (inside) host 10.1.1.26

key -->*2009a

aaa authentication ssh console LOCAL

aaa authentication telnet console LOCAL

aaa local authentication attempts max-fail 16

http server enable

http 10.1.0.0 255.255.0.0 inside

http 172.16.22.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

sysopt noproxyarp inside

sysopt noproxyarp dmz

sysopt noproxyarp management

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set HQset esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto dynamic-map outside_dyn_map 10 set pfs group1

crypto dynamic-map outside_dyn_map 10 set transform-set ESP-3DES-MD5

crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 28800

crypto dynamic-map outside_dyn_map 10 set security-association lifetime kilobytes 4608000

crypto dynamic-map outside_dyn_map 10 set reverse-route

crypto map outside_map 20 match address encrypt_acl

crypto map outside_map 20 set peer 67.42.142.175

crypto map outside_map 20 set transform-set HQset

crypto map outside_map 20 set security-association lifetime seconds 28800

crypto map outside_map 20 set security-association lifetime kilobytes 4608000

crypto map outside_map 30 match address encrypt_acl-30

crypto map outside_map 30 set peer 65.102.14.72

crypto map outside_map 30 set transform-set HQset

crypto map outside_map 30 set security-association lifetime seconds 86400

crypto map outside_map 30 set security-association lifetime kilobytes 4608000

crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map outside_map interface outside

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

crypto isakmp policy 30

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto isakmp nat-traversal 50

telnet 10.1.0.0 255.255.0.0 inside

telnet timeout 15

ssh 0.0.0.0 0.0.0.0 outside

ssh 10.1.0.0 255.255.0.0 inside

ssh timeout 30

console timeout 0

management-access inside

dhcpd address 192.168.1.2-192.168.1.254 management

dhcpd enable management

!

threat-detection basic-threat

threat-detection scanning-threat

threat-detection statistics

threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200

ntp server 192.43.244.18

webvpn

enable outside

svc image disk0:/anyconnect-win-2.3.0254-k9.pkg 1

svc enable

tunnel-group-list enable

group-policy vpnclients internal

group-policy vpnclients attributes

wins-server value 10.1.1.25

dns-server value 10.1.1.25 10.1.1.26

vpn-tunnel-protocol IPSec

ipsec-udp enable

split-tunnel-policy tunnelspecified

split-tunnel-network-list value vpnsplit

default-domain value mjfirm.local

split-dns value mjfirm.local

address-pools value vpnpool

group-policy M&JVPN internal

group-policy clientgroup internal

group-policy clientgroup attributes

wins-server value 10.1.1.25

dns-server value 10.1.1.25 10.1.1.26

vpn-tunnel-protocol svc webvpn

split-tunnel-policy tunnelall

webvpn

  svc keep-installer installed

  svc rekey time 30

  svc rekey method ssl

  svc ask none default svc

username ssluser1 password 0BF9omj8n5A90KxJ encrypted

username gtri password gBhZB8pZ4/QjvH/s encrypted privilege 15

username admin password PM0xX4GwWjdoKH43 encrypted privilege 15

username snguyen password WJQ/.EQK5Agk2bHt encrypted privilege 0

tunnel-group M&J type remote-access

tunnel-group M&J general-attributes

address-pool vpnpool

authentication-server-group vpn

default-group-policy vpnclients

tunnel-group M&J ipsec-attributes

pre-shared-key *

tunnel-group sslgroup type remote-access

tunnel-group sslgroup general-attributes

address-pool vpnpool

authentication-server-group vpn

default-group-policy clientgroup

tunnel-group sslgroup webvpn-attributes

group-alias sslgroup_users enable

tunnel-group 67.42.142.175 type ipsec-l2l

tunnel-group 67.42.142.175 ipsec-attributes

pre-shared-key *

tunnel-group 65.102.14.72 type ipsec-l2l

tunnel-group 65.102.14.72 ipsec-attributes

pre-shared-key *

tunnel-group M&JVPN type remote-access

tunnel-group M&JVPN general-attributes

address-pool vpnpool

authentication-server-group vpn

default-group-policy M&JVPN

tunnel-group M&JVPN ipsec-attributes

pre-shared-key *

!

class-map global-class

match access-list global_mpc

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns migrated_dns_map_1

parameters

  message-length maximum 768

policy-map global_policy

class inspection_default

  inspect dns migrated_dns_map_1

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect sqlnet

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect sip 

  inspect netbios

  inspect tftp

  inspect icmp

class global-class

  ips inline fail-open sensor vs0

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:9da7f49041819a8a4dd7c93b4e8f2d46

: end

Accepted Solution

Jouni Forss
VIP Alumni

Hi,

You have a very restrictive ACL for your "dmz" interface:

access-list dmz extended permit tcp host 10.2.2.2 host 10.1.1.11 eq smtp

access-list dmz extended permit tcp host 10.2.2.2 host 10.1.1.50 eq 8777

Can you add, for example:

access-list dmz permit icmp host 10.2.2.2 any echo

access-list dmz permit tcp host 10.2.2.2 any eq http

access-list dmz permit tcp host 10.2.2.2 any eq https

access-list dmz permit udp host 10.2.2.2 any eq domain

access-list dmz permit tcp host 10.2.2.2 any eq ftp

Or, if you want to restrict those services so that they cannot be used towards the LAN network, then add only this configuration INSTEAD of the above one:

access-list dmz remark Deny Rest of the Traffic to LAN

access-list dmz deny ip any 10.1.0.0 255.255.0.0

access-list dmz remark Allow Traffic to Internet from the DMZ server

access-list dmz permit icmp host 10.2.2.2 any echo

access-list dmz permit tcp host 10.2.2.2 any eq http

access-list dmz permit tcp host 10.2.2.2 any eq https

access-list dmz permit udp host 10.2.2.2 any eq domain

access-list dmz permit tcp host 10.2.2.2 any eq ftp

Or something else if you want. The above should allow all the basic services, though, since at the moment you have not allowed even ICMP or DNS.

- Jouni

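A way to check the ordering point made in the answer above, as an added example that is not part of the original thread and not Cisco code: a small Python simulator of ASA first-match ACL evaluation (top to bottom, first matching entry wins, implicit deny at the end). It parses the two existing "dmz" entries from the posted config plus each of the two suggested variants, then runs a few constructed flows through all three ACLs. It models only the ACE syntax used on this page and ignores NAT, security levels and stateful return traffic; the flow names, the use of 4.2.2.1 as "an Internet host" and the simulator itself are assumptions made for the demonstration.

```python
"""Added example, not from the thread or from Cisco: a first-match simulator for the
ASA-style 'access-list' lines above. It understands only the ACE syntax used on this
page (no source-port 'eq', 'inactive', object-groups or port ranges) and models no NAT."""
import ipaddress
from collections import namedtuple

# Service names the ASA accepts in place of port numbers (those used on this page).
PORT_NAMES = {"www": 80, "http": 80, "https": 443, "domain": 53, "ftp": 21, "smtp": 25}
# One access-control entry; dport / icmp_type of None mean "any".
Ace = namedtuple("Ace", "action proto src dst dport icmp_type")

def _parse_addr(tokens):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D M.M.M.M' from the front of tokens."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.IPv4Network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.IPv4Network(tokens.pop(0) + "/32")
    return ipaddress.IPv4Network(f"{tok}/{tokens.pop(0)}", strict=False)

def parse_ace(line):
    """Parse one 'access-list NAME [extended] permit|deny ...' line; remarks give None."""
    tokens = line.split()[2:]                   # drop 'access-list' and the ACL name
    if tokens[0] == "remark":
        return None
    if tokens[0] == "extended":
        tokens.pop(0)
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = _parse_addr(tokens), _parse_addr(tokens)
    dport = icmp_type = None
    if tokens and tokens[0] == "eq":            # destination port, by name or number
        dport = PORT_NAMES.get(tokens[1]) or int(tokens[1])
    elif tokens and proto == "icmp":            # ICMP type keyword such as 'echo'
        icmp_type = tokens[0]
    return Ace(action, proto, src, dst, dport, icmp_type)

def build_acl(*blocks):
    """Join blocks in typing order: an unnumbered access-list line is appended at the end."""
    acl = []
    for block in blocks:
        for line in filter(None, map(str.strip, block.splitlines())):
            ace = parse_ace(line)
            if ace is not None:
                acl.append(ace)
    return acl

def evaluate(acl, proto, src, dst, dport=None, icmp_type=None):
    """(action, index) of the first matching ACE, or ("deny", None): the implicit deny."""
    src_ip, dst_ip = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for idx, ace in enumerate(acl):
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if src_ip not in ace.src or dst_ip not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        if ace.icmp_type is not None and ace.icmp_type != icmp_type:
            continue
        return ace.action, idx
    return "deny", None

# The two ACEs already on the box, copied from the posted config.
EXISTING = """
access-list dmz extended permit tcp host 10.2.2.2 host 10.1.1.11 eq smtp
access-list dmz extended permit tcp host 10.2.2.2 host 10.1.1.50 eq 8777
"""
# Variant 1 from the answer: open the basic services to any destination.
OPEN_TO_ANY = """
access-list dmz permit icmp host 10.2.2.2 any echo
access-list dmz permit tcp host 10.2.2.2 any eq http
access-list dmz permit tcp host 10.2.2.2 any eq https
access-list dmz permit udp host 10.2.2.2 any eq domain
access-list dmz permit tcp host 10.2.2.2 any eq ftp
"""
# Variant 2 from the answer: deny the LAN first, then the same permits.
LAN_DENIED_FIRST = """
access-list dmz remark Deny Rest of the Traffic to LAN
access-list dmz deny ip any 10.1.0.0 255.255.0.0
access-list dmz remark Allow Traffic to Internet from the DMZ server
""" + OPEN_TO_ANY

ACL_ORIGINAL = build_acl(EXISTING)
ACL_V1 = build_acl(EXISTING, OPEN_TO_ANY)
ACL_V2 = build_acl(EXISTING, LAN_DENIED_FIRST)

# Constructed flows (proto, src, dst, dport, icmp_type); 4.2.2.1 is the public DNS
# server from the posted config, standing in for "some Internet host".
FLOWS = {
    "dns_to_internet": ("udp", "10.2.2.2", "4.2.2.1", 53, None),
    "ping_internet": ("icmp", "10.2.2.2", "4.2.2.1", None, "echo"),
    "smtp_to_lan_relay": ("tcp", "10.2.2.2", "10.1.1.11", 25, None),
    "http_to_lan_host": ("tcp", "10.2.2.2", "10.1.1.50", 80, None),
    "ssh_to_internet": ("tcp", "10.2.2.2", "4.2.2.1", 22, None),
}

def compare(flow_name):
    """Verdicts for one named flow under (original ACL, variant 1, variant 2)."""
    flow = FLOWS[flow_name]
    return tuple(evaluate(acl, *flow)[0] for acl in (ACL_ORIGINAL, ACL_V1, ACL_V2))
```

`compare("dns_to_internet")` gives `("deny", "permit", "permit")`: with only the two original entries the DMZ host cannot even resolve names, which is the symptom in the question. `compare("http_to_lan_host")` gives `("deny", "permit", "deny")`: variant 1 lets 10.2.2.2 reach any LAN web server on those ports, while variant 2 stops it because the deny to 10.1.0.0/16 is evaluated before the permits to `any`. `compare("smtp_to_lan_relay")` stays `permit` in all three cases because the ASA appends unnumbered access-list lines, so the existing SMTP and 8777 entries remain ahead of the new deny.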

3 Replies

Jouni Forss
VIP Alumni

Hi,

It would be best if we saw your ASA configuration first.

EDIT: Seems you added them to the original post

- Jouni


Thank you. Adding those lines did the trick.
