08-04-2012 04:17 AM - edited 03-11-2019 04:38 PM
Hi.
I've an ASA5505 running 8.4 firmware
I'm trying to configure access to an internal FTP server using the same IP address we have in the outside interface.
The configuration is as follows:
---------
object network FTP
host 192.168.125.32
object network FTP
nat (inside,outside) static interface service tcp ftp ftp
access-list outside_access_in line 3 extended permit tcp any object Fax eq ftp log default
---------
... But it doesn't work ...
If I use any other public accesible IP to do the NAT it works fine. For example:
---------
object network Fax
nat (inside,outside) static 44.44.44.44 service tcp ftp ftp
---------
So, is it not possible to use the outside interface of the ASA to redirect a port to an internal service??
08-05-2012 05:44 AM
It is not correct
access-list outside_access_in line 3 extended permit tcp any object Fax eq ftp log default
it should be
access-list outside_access_in line 3 extended permit tcp any object FTP eq ftp log default
Try with this
Rate this if it is helpful..
08-05-2012 02:36 PM
Hi Gourav.
You are right. I made a mistake while copying the lines. But the problem persist with the changes you mention.
Sent from Cisco Technical Support iPhone App
08-05-2012 10:55 PM
please provide your running config output .
07-22-2013 04:03 AM
Hi, I've the same issue with FTP on outside interface (other IP works well). Have you found any workaround? I'm running on 8.4.6
Thanks
08-05-2013 03:08 AM
Hi.
I haven't found a solution. Finally I had to use other IP address than the one used by the outside interface.
Regards
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: