FTP access thru an ASA5510 to an ftp server on the private had been working fine. Suddenly today there is no access from the outside but inside users have no problem.
I ran a packet trace with animation and the 5510 says the packets are being dropped by rule in the access list. I changed nothing in the access list and ftp has been working all along.
I can include a copy of the running config if you require it but on the assumption that the full list will not be required I can verify the access list for ftp is as follows...
access-list Internet_access_in extended permit tcp any host 220.127.116.11 eq ftp
access-list Internet_access_in extended permit tcp any host 18.104.22.168 eq ftp-data
I realize I haven't given you much to go on but I should add that extensive configuration changes were made to the ASA5510 to configure for VPN access so it is possible that something happened during the VPN work but all other services that have exactly the same format access lists continue to function normally. The only internal server I have lost outside access to is ftp. The mail server and VPN continue to function normally.
Which rule does it say has been dropped in the packet tracer? And do you happen to have an access-list above the current 2 FTP rules that might drop the FTP connection?
Can you connect to the ftp server and it fails on the data connection, or you can't even connect to your ftp server?
If you can share the config, that would help.
According to the activity monitor on the FTP server, the initial connection is successful so I assume the failure is occurring on the data connection portion.
I will post the full access list as soon as I get to the office later today.