08-04-2012 04:17 AM - edited 03-11-2019 04:38 PM
Hi.
I've an ASA5505 running 8.4 firmware
I'm trying to configure access to an internal FTP server using the same IP address we have in the outside interface.
The configuration is as follows:
---------
object network FTP
host 192.168.125.32
object network FTP
nat (inside,outside) static interface service tcp ftp ftp
access-list outside_access_in line 3 extended permit tcp any object Fax eq ftp log default
---------
... But it doesn't work ...
If I use any other public accesible IP to do the NAT it works fine. For example:
---------
object network Fax
nat (inside,outside) static 44.44.44.44 service tcp ftp ftp
---------
So, is it not possible to use the outside interface of the ASA to redirect a port to an internal service??
08-05-2012 05:44 AM
It is not correct
access-list outside_access_in line 3 extended permit tcp any object Fax eq ftp log default
it should be
access-list outside_access_in line 3 extended permit tcp any object FTP eq ftp log default
Try with this
Rate this if it is helpful..
08-05-2012 02:36 PM
Hi Gourav.
You are right. I made a mistake while copying the lines. But the problem persist with the changes you mention.
Sent from Cisco Technical Support iPhone App
08-05-2012 10:55 PM
please provide your running config output .
07-22-2013 04:03 AM
Hi, I've the same issue with FTP on outside interface (other IP works well). Have you found any workaround? I'm running on 8.4.6
Thanks
08-05-2013 03:08 AM
Hi.
I haven't found a solution. Finally I had to use other IP address than the one used by the outside interface.
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide