01-10-2011 02:34 PM - edited 03-11-2019 12:33 PM
Sometime shortly after deploying my ASA 5510, I was forced to remove the default global inspection policy in order to sort out an issue with TLS over SMTP. Today, I'm having problems accessing external hosts with FTP, even in passive mode. As an example, I can log into a remote server with no problem, but as soon as I issue an ls command, the session is disconnected. A packet trace reveals that I'm sending my inside RFC 1918 IP address out along with this ls command, and after that, the server is disconnecting me.
I have reconfigured a small portion of the default policy in an attempt to resolve the issue, to no avail. I have the following commands present:
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect ftp
There are no other "policy-map type inspect ftp" commands present on the appliance.
Any guidance would be appreciated. I'm quite unfamiliar with the MPF on ASA 8. I have attempted to use this configuration example as a guide: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080aee442.shtml
I still haven't been able to figure it out, however.
Thanks,
Solved! Go to Solution.
01-10-2011 02:48 PM
yeah, you need to apply the service policy using :-
asa(conf)#service-policy global_policy global
Given that when you run --> sh run policy map , you see policy-map global_policy
Manish
01-10-2011 02:38 PM
From another post, I gleaned that some useful information be obtained with the show service-policy inspect ftp command. I have run it, and it returned no information. I take this to mean that my configuration is not in effect.
xxx5510# show service-policy inspect ftp
xxx5510#
01-10-2011 02:43 PM
Just do sh service-policy and see if you get any output ?
manish
01-10-2011 02:44 PM
xxx5510# show service-policy
xxx5510#
01-10-2011 02:48 PM
yeah, you need to apply the service policy using :-
asa(conf)#service-policy global_policy global
Given that when you run --> sh run policy map , you see policy-map global_policy
Manish
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide