07-06-2016 03:32 AM - edited 03-12-2019 12:59 AM
Can anyone please advise how to configure FTP in both active & passive modes using the ASDM for the ASA.
There seems to be more to it than simply allowing access to ports 20 & 21.
Kind regards, K Azam
07-06-2016 04:17 PM
Hi,
Have a look at the following docs:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113110-asa-enable-ftp-00.html
http://www.cisco.com/c/en/us/support/docs/content-networking/file-transfer-protocol-ftp/200194-ASA-9-x-Configure-FTP-TFTP-Services.html
Thanks
John
07-07-2016 04:11 AM
Thank you John but I was after the method using the ASDM.
Regards
07-08-2016 04:38 AM
I've created an ACL & allowed FTP from the source (remote client) to the destination (FTP server located behind the ASA) - this has been applied inbound on the outside interface.
This is supposed to work over a VPN connection but I get the attached error message when I run packet tracer.
Any ideas??...anyone?
07-08-2016 05:15 AM
Is the VPN tunnel you tested up? Do you have ftp inspections enabled at the service policy?
07-08-2016 06:31 AM
Yes, used the sh crypto ipsec sa cmd to verify vpn tunnel is up and
ftp inspection is enabled in service policy rules
07-08-2016 10:34 PM
Is it a site to site vpn? Does other allowed traffic work? Do you use vpn filters?
Could you send us the relevant config (service policies, interface acl, vpn-filter)
07-26-2016 08:06 AM
Sorry I've not responded, been so busy with the a separate vpn issue but I will be working on this soon. Thanks for your help thus far.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide