05-22-2008 11:35 AM - edited 03-03-2019 10:03 PM
Hi all,
L3Switch --> ASA--> Internet router.
The switch does not have any default route configured but has BGP with the Internet router. BGP injects a default route into the switch.
B* 0.0.0.0/0 [200/0] via 6.91.31.65, 7w0d
ASA has OSPF enabled and the L3 switch as well. From any PC in the network if we check whatismyip.com: 6.91.31.70 (ASA outside interface IP).
The problem here is we are trying to FTP to an external site from a server inside the switch; it allows us to log into the site, but any other command immediately disconnects.
---------------------------------------
ftp> ls
500 Illegal PORT command
425 Unable to build data connection: Connection refused
-------------------------------------
The server can make successful FTP to internal servers at another location via P2P DS3 link. I tried 1. Removing the ACL on the Internet router outside interface and also with passive FTP (from Windows ftp client on server) - but no luck.
The destination has ports open for : 6.91.31.70
Please suggest...
Thank you
MS
05-22-2008 12:30 PM
Ok.. I got lucky with enabling 'inspect ftp' on ASA and removing ACL from Internet router external interface.
But as it is not a good idea to leave the external interface on the Internet router open, I am looking for a way to get this accomplished. This server currently has no public IP or static NAT configured on the ASA. It hits the Internet via the NAT'ed IP of the ASA outside interface, like any other servers/workstations.
So in order to accomplish what I am looking for, do I need to have a static public IP for the internal server? Also, what kind of ACL helps me out here in allowing FTP connections sourced from this server?
Thank you in advance
MS
05-23-2008 06:59 AM
Resolved myself with proper ACLs.. :-)
Thank you
MS
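An added illustration, not part of the thread, of why the active-mode ls failed behind NAT and what enabling 'inspect ftp' changes: the PORT command carries the client's own address inside the control-channel payload, so the remote server sees a private address that does not match 6.91.31.70. The inside address 10.1.1.20 and port 50000 are constructed, and server_reply models the common server behaviour of refusing a PORT address that differs from the control connection's source (an assumption about the remote server).

```python
def parse_port(line):
    """Decode an RFC 959 'PORT h1,h2,h3,h4,p1,p2' command into (ip, port)."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    fields = arg.split(",")
    if len(fields) != 6 or not all(f.isdigit() and int(f) < 256 for f in fields):
        raise ValueError("malformed PORT argument")
    n = [int(f) for f in fields]
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]


def build_port(ip, port):
    """Encode (ip, port) back into a PORT command line."""
    return "PORT {},{},{}".format(ip.replace(".", ","), port >> 8, port & 0xFF)


def server_reply(line, control_peer):
    """Model of a remote server that only accepts its control peer's address."""
    ip, _ = parse_port(line)
    if ip != control_peer:
        return "500 Illegal PORT command"
    return "200 PORT command successful"


def nat_rewrite(line, inside_ip, mapped_ip, mapped_port):
    """Model of an FTP-aware NAT device: swap the embedded inside address
    (and port, under PAT) for the translated one before forwarding."""
    ip, _ = parse_port(line)
    if ip == inside_ip:
        return build_port(mapped_ip, mapped_port)
    return line


# Constructed sample: the inside server announces its private address.
INSIDE_IP = "10.1.1.20"      # assumed inside address, not from the thread
MAPPED_IP = "6.91.31.70"     # ASA outside interface IP quoted in the thread
RAW = build_port(INSIDE_IP, 50000)

if __name__ == "__main__":
    print(RAW, "->", server_reply(RAW, MAPPED_IP))            # without inspection
    fixed = nat_rewrite(RAW, INSIDE_IP, MAPPED_IP, 50000)
    print(fixed, "->", server_reply(fixed, MAPPED_IP))        # with inspection
```

Inspection also has to admit the inbound data connection that the rewritten PORT invites, which is why the filtering in front of the ASA matters for active mode.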