FTP Access - Help please.

wananga01 · ‎04-27-2005

recently we changed our ISP and have connected to them using a Cisco 1700 Router. The connection is working and all workstations can access the Internet. NAT is configured on the router and an ACL is applied to the inside interface. I am experiencing a problem in that we cannot access FTP sites over the Internet.

interface FastEthernet0

description LAN Link

ip address 202.154.226.225 255.255.255.248

ip nat inside

ip virtual-reassembly

speed auto

!

interface Serial0

description ISP Link

ip address 202.154.201.54 255.255.255.252

ip nat outside

ip virtual-reassembly

encapsulation frame-relay IETF

frame-relay map ip 202.154.201.53 129

frame-relay interface-dlci 102

!

ip default-gateway 202.154.201.54

ip classless

ip route 0.0.0.0 0.0.0.0 202.154.201.53

no ip http server

!

ip nat inside source list 1 interface FastEthernet0 overload

!

access-list 1 permit 0.0.0.7 255.255.255.248

thisisshanky · ‎04-27-2005

Typically you use the WAN IP for NAT/PAT, why are you using the LAN IP for NAT/PAT ?

I dont see an ACL applied to the interface. You will need to enable CBAC (IOS FW feature set required) or else try using passive FTP.

Here is an example config.

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a008009445f.shtml

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

wananga01 · ‎04-28-2005

I am using the LAN IP as I was having trouble connecting to the ISP and posted a message here. The reply advised me to set up router as posted in this conversation.

Any recommendations?

wananga01 · ‎04-28-2005

Thought I would post the network topology.

wananga01 · ‎05-11-2005

I have not changed any config settings however on our internal network we have a Cisco 3550 switch with VLANs

VLAN100 10.10.0.254

VLAN200 10.2.0.254

VLAN100 is our server vlan and the 10.10.0.0 subnet can access FTP services but the 10.2.0.0 subnet cannot.