Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1127
Views
0
Helpful
4
Replies

FTP on ASA 5510

jerrybu01
Level 1
Level 1

‎01-16-2013 02:01 AM - edited ‎03-11-2019 05:47 PM

I have the system: Internal <--> Switch <---> Router cisco 2911 <---> ASA 5510 <---> Modem

I built FTP server in internal, when i check FTP acccount in internal by IP FTP server -->ok

So now i want to config FTP can access from internet. i have 1 IP static and domain, i also config already.

i config on ASA:

    ASA5510(config)# policy-map global_policy

   ASA5510(config-pmap)# class inspection_default

   ASA5510(config-pmap-c)# inspect ftp

When i access FTP from internet i just see login, but i can't access

Help!!!!

Labels:
0 Helpful
4 Replies 4

Karsten Iwen
VIP
VIP

‎01-16-2013 02:22 AM

If you get the login-prompt but can't login, then the FTP control-channel is fine up to your server. You should see a logging-message on the server that gives you more info.

Or did you mean with "can't access" that you can login but you can't down- or upload files or can't do a directory-listing?

Then the data-channel doesn't work. In that case show the result of the following command:

asa# show service-policy

and also the config of the router.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

jerrybu01
Level 1
Level 1
In response to Karsten Iwen

‎01-17-2013 07:26 PM

Hi karsten.iwen,

Config on Router:

R2911(config)#access-list 102 permit tcp any host 192.168.1.100 eq ftp

R2911(config)#access-list 102 permit tcp any host 192.168.1.100 eq ftp-data established

R2911(config)#access-list 102 permit tcp any any eq 21

R2911(config)#access-list 102 permit tcp any any eq 20

Config on ASA:

ASA5510(config)# policy-map global_policy

ASA5510(config-pmap)# class inspection_default

ASA5510(config-pmap-c)# inspect ftp

when access from internet ftp://"domain name"

i see login-frompt but i can't enter username and password,when is use firefox it says "550 permission denied"

you try acccess:

ftp://atclohoi.com.vn

username: ftpadmin01 / password: 123456

0 Helpful

Karsten Iwen
VIP
VIP
In response to jerrybu01

‎01-17-2013 10:50 PM

Error 550 is caused by the server. You have to troubleshhot it there.


Sent from Cisco Technical Support iPad App

0 Helpful

jerrybu01
Level 1
Level 1
In response to Karsten Iwen

‎01-22-2013 06:59 PM

No, I used ftptest.net and i had a log file

(000027)1/23/2013 9:30:47 AM - (not logged in) (62.75.138.232)> Connected, sending welcome message...

(000027)1/23/2013 9:30:47 AM - (not logged in) (62.75.138.232)> 220-FileZilla Server version 0.9.41 beta

(000027)1/23/2013 9:30:47 AM - (not logged in) (62.75.138.232)> 220 Test FTP for Lo Hoi

(000027)1/23/2013 9:30:48 AM - (not logged in) (62.75.138.232)> CLNT http://ftptest.net on behalf of 113.176.64.22

(000027)1/23/2013 9:30:48 AM - (not logged in) (62.75.138.232)> 200 Don't care

(000027)1/23/2013 9:30:48 AM - (not logged in) (62.75.138.232)> USER ftpuser01

(000027)1/23/2013 9:30:48 AM - (not logged in) (62.75.138.232)> 331 Password required for ftpuser01

(000027)1/23/2013 9:30:48 AM - (not logged in) (62.75.138.232)> PASS ******

(000027)1/23/2013 9:30:48 AM - ftpuser01 (62.75.138.232)> 230 Logged on

(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)> SYST

(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)> 215 UNIX emulated by FileZilla

(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)> FEAT

(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)> 211-Features:

(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)>  MDTM

(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)>  REST STREAM

(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)>  SIZE

(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)>  MLST type*;size*;modify*;

(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)>  MLSD

(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)>  UTF8

(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)>  CLNT

(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)>  MFMT

(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)> 211 End

(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)> PWD

(000027)1/23/2013 9:30:49 AM - ftpuser01 (62.75.138.232)> 257 "/" is current directory.

(000027)1/23/2013 9:30:50 AM - ftpuser01 (62.75.138.232)> TYPE I

(000027)1/23/2013 9:30:50 AM - ftpuser01 (62.75.138.232)> 200 Type set to I

(000027)1/23/2013 9:30:50 AM - ftpuser01 (62.75.138.232)> PASV

(000027)1/23/2013 9:30:50 AM - ftpuser01 (62.75.138.232)> 227 Entering Passive Mode (113,176,64,22,195,83)

(000027)1/23/2013 9:30:50 AM - ftpuser01 (62.75.138.232)> disconnected.

when i use webpage to test ftp, i had a results

Error: connection time out


0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card