Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1085
Views
0
Helpful
4
Replies

SFTP Through ASA55xx Rule/Nat Help

tinochelli
Level 1
Level 1

‎02-18-2011 03:12 AM - edited ‎03-11-2019 12:52 PM

Hey All,

Looking for a bit off assistance with a strange issue i've inherited on a live VoIP network.  The voice infrastructure is behind an ASA 5500 and i have a scheduled backup to run on a weekly basis.

Once it was set up it ran fine for a couple of weeks then started failing.  I check the log on Solarwinds SFTP and the login credentials are authenticated and also says "Uploading file to..."

When I check on the Publisher backup screen it says: Failed to initiate backup. Unable to access SFTP server or SFTP server too slow to respond"


When i connect locally to the FTP server its fine so my thinking is an issue with the ASA.  See ACL and NAT below.

access-list 200 extended permit tcp host 172.16.80.130 10.16.80.0 255.255.255.0
access-list 200 extended permit udp host 172.16.80.130 10.16.80.0 255.255.255.0
access-list 200 extended permit icmp host 172.16.80.130 10.16.80.0 255.255.255.0


access-list natd  extended permit ip 10.16.80.0 255.255.255.0 host 172.16.80.130

static (Inside,Outside) 10.16.80.254 10.16.80.254 netmask 255.255.255.255

I have restarted the SFTP service.

As I said this was working so dont quite understand why it has stopped.    Any suggestions greatly appreciated.

Cheers,

Labels:
0 Helpful
4 Replies 4

martin_knorre
Level 1
Level 1

‎02-18-2011 03:29 AM

Hi,

have you altered your static NAT command because it looks weird, why do you want to nat statically from 10.16.80.254 to 10.16.80.254?

You should nat from your outside local to the inside local.

greets Martin

0 Helpful

tinochelli
Level 1
Level 1
In response to martin_knorre

‎02-18-2011 03:33 AM

Hi Martin,

Yeah its a translation to itself essentially.  So it goes in as 10.16.80.254 and comes out as the same. When I check the logs on the SFTP server I can see 10.16.80.254 being successfully logged in.

Thanks

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to tinochelli

‎02-18-2011 09:05 PM

Hi,

There are a couple of troubleshooting steps that we can do. Please, take the logs from one FTP attempt in order to see the reason for the connection teardown.

We will take it from there.

Thanks

Mike

Mike
0 Helpful

tinochelli
Level 1
Level 1
In response to Maykol Rojas

‎03-02-2011 08:05 AM

All,

Thanks for the advice but I ahve now resolved the issue.  It was related to user permissions for the FTP within AD

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card