05-30-2008 05:10 PM - edited 03-05-2019 11:20 PM
I am trying to do an FTP connection from one of my servers that is behind a Cisco router.
We have a server park where 3 servers are behind a Cisco with local IPs, and 1 server that is public, and NOT behind the Cisco.
I am trying to connect to an external FTP server without luck with the 3 servers behind the Cisco. But the public one connects all right. The 3 servers behind the router are NAT'ed to local IPs from public ones, in the router config.
This is the FTP config in the router right now:
(The ip is fake)
conduit permit tcp host 207.190.199.99 eq ftp any
conduit permit tcp host 10.0.10.2 eq ftp any
conduit permit tcp any eq ftp any
conduit permit tcp any any eq ftp
These 3 servers are also in a VPN with a external company, if that information is of any relevance.
Just for information, this is not my field of work, I am a programmer, so if anyone needs more info, or didn't understand my problem - please advise me!
Best regards - Eivind (Sao Paulo - Brasil)
05-30-2008 08:01 PM
Hi,
You can try opening the ftp-data port also, as FTP uses 20 & 21. If that does not work, post the rtr config, someone will be able to help you out.
hth
MS
05-30-2008 10:28 PM
FTP server could also require ports for forwarding passive FTP.
05-31-2008 04:24 PM
Thanks guys for trying to help me, this is the rest of my config in the router:
- the ip that ends with 97 is the router
- the ip that ends with 98 is the server that works with ftp
- the ip that ends with 98 is the server that does not work
- the ip 200 series is our external partner with the vpn connection
ALL IPs ARE OF COURSE FAKE..
See next post for the actual config....
If someone could help me do some logging as well, maybe that could help me..
Thanks in advance!! Eivind
05-31-2008 04:26 PM
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 100 permit ip host 299.999.999.99 host 200.000.000.22
access-list 100 permit ip host 299.999.999.99 host 200.000.000.129
access-list 100 permit ip host 299.999.999.99 host 200.000.000.127
access-list 100 permit ip host 299.999.999.99 host 200.000.000.137
access-list 100 permit ip host 299.999.999.99 host 200.000.000.139
access-list 100 permit ip host 299.999.999.99 host 200.000.000.155
access-list 100 permit ip host 299.999.999.99 host 200.000.000.156
access-list 100 permit ip host 299.999.999.99 host 200.000.000.157
access-list 100 permit ip host 299.999.999.99 host 200.000.000.158
access-list 100 permit ip host 299.999.999.98 host 200.000.000.22
access-list 100 permit ip host 299.999.999.98 host 200.000.000.127
access-list 100 permit ip host 299.999.999.98 host 200.000.000.137
access-list 100 permit ip host 299.999.999.98 host 200.000.000.139
access-list 100 permit ip host 299.999.999.98 host 200.000.000.155
access-list 100 permit ip host 299.999.999.98 host 200.000.000.156
access-list 100 permit ip host 299.999.999.98 host 200.000.000.157
access-list 100 permit ip host 299.999.999.98 host 200.000.000.158
access-list 100 permit tcp host 299.999.999.98 host 299.999.999.99
access-list 100 permit ip host 299.999.999.98 host 200.000.000.129
05-31-2008 04:27 PM
the rest of the config:
pager lines 24
logging on
logging buffered debugging
logging queue 8096
mtu outside 1500
mtu inside 1500
ip address outside 299.999.999.97 255.255.255.0
ip address inside 10.0.10.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 10.0.10.2 255.255.255.255 inside
pdm location 299.999.999.97 255.255.255.255 outside
pdm location 10.0.10.4 255.255.255.255 inside
pdm location 10.0.10.5 255.255.255.255 inside
pdm history enable
arp timeout 14400
nat (inside) 0 access-list 100
static (inside,outside) 299.999.999.99 10.0.10.2 netmask 255.255.255.255 0 0
static (inside,outside) 299.999.999.98 10.0.10.4 netmask 255.255.255.255 0 0
static (inside,outside) 299.999.999.96 10.0.10.5 netmask 255.255.255.255 0 0
conduit permit icmp host 299.999.999.99 any echo
conduit permit icmp host 299.999.999.99 any echo-reply
conduit permit icmp host 299.999.999.99 any source-quench
conduit permit icmp host 299.999.999.99 any unreachable
conduit permit icmp host 299.999.999.99 any time-exceeded
conduit permit icmp host 299.999.999.98 any echo
conduit permit icmp host 299.999.999.98 any echo-reply
conduit permit icmp host 299.999.999.98 any source-quench
conduit permit icmp host 299.999.999.98 any unreachable
conduit permit icmp host 299.999.999.98 any time-exceeded
conduit permit icmp any any
conduit permit tcp host 299.999.999.99 eq 8080 any
conduit permit tcp host 299.999.999.99 eq 8009 any
conduit permit tcp host 299.999.999.99 eq www any
conduit permit tcp host 299.999.999.99 eq ssh any
conduit permit tcp host 299.999.999.99 any
conduit permit tcp host 299.999.999.98 any
conduit permit tcp host 299.999.999.96 any
conduit permit tcp host 299.999.999.98 eq www any
conduit permit tcp host 10.0.10.4 host 10.0.10.2
conduit permit tcp host 10.0.10.2 host 10.0.10.4
conduit permit udp host 299.999.999.98 eq snmp any
conduit permit udp host 299.999.999.98 eq snmptrap any
conduit permit udp host 299.999.999.99 eq snmp any
conduit permit udp host 299.999.999.99 eq snmptrap any
conduit permit tcp host 299.999.999.98 eq 9101 any
conduit permit tcp host 299.999.999.98 eq 9102 any
conduit permit tcp host 299.999.999.98 eq 9103 any
conduit permit tcp host 299.999.999.99 eq 9103 any
conduit permit tcp host 299.999.999.99 eq 9102 any
conduit permit tcp host 299.999.999.99 eq 9101 any
conduit permit udp host 299.999.999.99 eq 9101 any
conduit permit udp host 299.999.999.99 eq 9102 any
conduit permit udp host 299.999.999.99 eq 9103 any
conduit permit udp host 299.999.999.98 eq 9101 any
conduit permit udp host 299.999.999.98 eq 9102 any
conduit permit udp host 299.999.999.98 eq 9103 any
conduit permit udp host 299.999.999.99 eq 1194 any
conduit permit udp host 299.999.999.98 eq 1194 any
conduit permit tcp host 299.999.999.99 eq ftp any
conduit permit tcp host 10.0.10.2 eq ftp any
conduit permit tcp any eq ftp any
conduit permit tcp any any eq ftp
route outside 0.0.0.0 0.0.0.0 299.999.999.1 1