Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
352
Views
0
Helpful
4
Replies

Access DMZ

Go to solution
refram
Level 3
Level 3

‎08-10-2004 04:23 AM - edited ‎03-09-2019 08:22 AM

Reposting because it's gotten a bit buried...

I have a PIX 515e with a DMZ interface. On that interface is an FTP server.

I can access the internet from the inside LAN and from the DMZ server. The internet can access the DMZ server for FTP-ing. However, the inside LAN cannot access the FTP server. I have a static mapping from the inside to the DMZ:

static (inside,dmz) 172.16.255.254 192.168.40.250 netmask 255.255.255.255 0 0

But when I try to access the FTP it says the connection is refused. I don't have an ACL set up to allow access. I didn't think I would need to since I'm going from a higher security zone to a lower, but maybe I'm wrong.

I also tried the "alias" bit from another post. No luck.

The PIX version is 6.3(3). The client IP is 192.168.40.10, the IP of the server in the DMZ is 172.16.255.254. Fixup protocol ftp 21 is enabled. The syslog says:

305006: portmap translation creation failed for tcp src inside:192.

168.40.10/51886 dst dmz:192.168.40.250/21

I looked in a few places to see if I could find a resolution based on what I saw in the syslog but it seemed like few of the suggestions were applicable. The one that was (clearing the translations) didn't help.

Thanks a lot everyone, you've all really helped.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jmia
Level 7
Level 7

‎08-10-2004 05:02 AM

Hi,

For reference check with this URL:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008015efa9.shtml

The above URL is for Mail server access on DMZ but you can substitute this for your FTP server.

Let me know if this help or require further help.

Jay

View solution in original post

0 Helpful
4 Replies 4

Go to solution
bhose
Level 1
Level 1

‎08-10-2004 05:01 AM

Hi,

Do you require a translation between your inside and DMZ networks. If not then the static should read:-

static (inside,dmz) 192.168.40.0 netmask 255.255.255.0 0 0

Regards Brett

0 Helpful

Go to solution
jmia
Level 7
Level 7

‎08-10-2004 05:02 AM

Hi,

For reference check with this URL:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008015efa9.shtml

The above URL is for Mail server access on DMZ but you can substitute this for your FTP server.

Let me know if this help or require further help.

Jay

0 Helpful

Go to solution
refram
Level 3
Level 3
In response to jmia

‎08-10-2004 05:15 AM

You guys Rock! I'll give this stuff a shot today.

Thanks so much.

0 Helpful

Go to solution
refram
Level 3
Level 3
In response to jmia

‎08-11-2004 02:54 AM

The URL you gave me was what I needed. Thanks again.

0 Helpful
Customers Also Viewed These Support Documents