06-05-2012 07:36 PM - edited 03-11-2019 04:15 PM
FTP access thru an ASA5510 to an ftp server on the private had been working fine. Suddenly today there is no access from the outside but inside users have no problem.
I ran a packet trace with animation and the 5510 says the packets are being dropped by rule in the access list. I changed nothing in the access list and ftp has been working all along.
I can include a copy of the running config if you require it but on the assumption that the full list will not be required I can verify the access list for ftp is as follows...
access-list Internet_access_in extended permit tcp any host 96.56.127.171 eq ftp
access-list Internet_access_in extended permit tcp any host 96.56.127.171 eq ftp-data
I realize I haven't given you much to go on but I should add that extensive configuration changes were made to the ASA5510 to configure for VPN access so it is possible that something happened during the VPN work but all other services that have exactly the same format access lists continue to function normally. The only internal server I have lost outside access to is ftp. The mail server and VPN continue to function normally.
Thanks
Ed
06-05-2012 08:20 PM
which rule does it say has been dropped in the packet tracer? and do you happen to have an access-list above the current 2 FTP rules that might drop the FTP connection?
can you connect to the ftp server and it fails on the data connection, or you can't even connect to your ftp server?
if you can share the config, that would help.
06-06-2012 05:02 AM
Hello Jennifer
According to the activity monitor on the FTP server, the initial connection is successful so I assume the failure is occurring on the data connection portion.
I will post the full access list as soon as I get to the office later today.
Thank you
Ed
06-06-2012 05:06 AM
AHh, in that case, maybe ftp inspection is somehow disabled and I assume that you are using passive FTP?
06-06-2012 05:25 AM
Yes... passive FTP.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide