
FTP

sibgathullah
Level 1

Dear All,

I am not able to access FTP from the internal network or office; if I connect from somewhere other than my office, I can access it.

What port do I have to enable on the ASA 5510 & ISA?

5 Replies

roshan.maskey
Level 1

Hi,

I assume that the office connected interface is configured as inside with security-level 100.

Check the following:

1. ACL bound to the inside interface

asa(config)# show run access-group

if it results: access-group inside_access_in in interface inside

then: show run access-list inside_access_in

verify if the ACL has: access-list inside_access_in permit tcp 192.168.57.0 255.255.255.0 any eq ftp

where 192.168.57.0 is your office network.

If your network has no such ACL, add one.

2. Check your service policy

run command: asa(config)# sh run service-policy

check: if there is global_policy or interface policy applied to inside interface.

3. Check what protocols are inspected

run command: sh run policy-map

find: the policy and verify "inspect ftp" is there in inside class-map of policy-map applied to inside interface.

if you don't find one, add one.

If possible, post your config for review

H2H

Roshan
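
The three checks from the reply above, run over a saved running-config, as an added example that is not part of the original thread. The sample config is constructed, and the `audit_ftp` helper and its finding strings are hypothetical names.

```python
import re

# Constructed sample running-config (not the poster's). 192.168.57.0 is the
# example office network used in the reply above.
SAMPLE_CONFIG = """\
access-list inside_access_in extended permit tcp 192.168.57.0 255.255.255.0 any eq ftp
access-group inside_access_in in interface inside
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect dns
  inspect http
service-policy global_policy global
"""

def audit_ftp(config, iface="inside"):
    """Return findings for the three checks; an empty list means all passed."""
    findings = []
    # Check 1: find the ACL bound inbound on the interface, then look for a
    # permit whose trailing "eq ftp" (or "eq 21") is the destination port.
    m = re.search(rf"^access-group (\S+) in interface {re.escape(iface)}$", config, re.M)
    if m:
        acl = m.group(1)
        rule = rf"^access-list {re.escape(acl)} (?:extended )?permit tcp .* eq (?:ftp|21)$"
        if not re.search(rule, config, re.M):
            findings.append(f"ACL {acl} has no permit for destination port ftp")
    # Check 2: a service-policy must be applied globally or to this interface.
    policies = re.findall(
        rf"^service-policy (\S+) (?:global|interface {re.escape(iface)})$", config, re.M)
    if not policies:
        findings.append(f"no service-policy applied globally or to {iface}")
    # Check 3: the indented body of each applied policy-map must inspect ftp.
    for name in policies:
        block = re.search(rf"^policy-map {re.escape(name)}\n((?: .*\n?)*)", config, re.M)
        body = block.group(1) if block else ""
        if not re.search(r"^\s+inspect ftp\b", body, re.M):
            findings.append(f"policy-map {name} does not inspect ftp")
    return findings

if __name__ == "__main__":
    for finding in audit_ftp(SAMPLE_CONFIG):
        print(finding)
```
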

Dear Roshan,

Thanks for your answer, but I would like to elaborate: I have my FTP server somewhere outside my network on a public IP, and from my network I cannot access it. I have enabled ports 20 & 21 but I am still not able to access it.

Further to Roshan's earlier post, once the ACL is added (or you have confirmed that you have one), run the following command to ensure that the ACL has a hit count.

sho access-list

Also, ensure that this FTP server is accessible from outside your network; if possible, set up a machine directly connected to your internet connection (purely for testing!)

HTH

Steve

Dear ,

Below are the access-lists which are configured on the ASA. But I am still not able to access the FTP site.

access-list out-in line 22 extended permit tcp any eq ftp any eq ftp (hitcnt=0)

access-list out-in line 23 extended permit tcp any gt 1023 any gt 1023 (hitcnt=3517)

access-list out-in line 24 extended permit tcp any eq ftp-data any eq ftp-data (hitcnt=0)

Please can you post your access-group config so I can see what direction the ACLs have been applied.

Steve
