cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
1143
Views
0
Helpful
1
Replies
jordanwmcdonald
Beginner

FTP/HTTP Server in NAT/PAT Scenario

Hello,

Scenario: I receive a single dynamic IP from my ISP via a cable modem acting as a bridge to a Cisco 3825 running ADVENTERPRISE 15.1(4)M7. Via the CLI, I have successfully configured the following on the router: NAT/PAT, ZBF, and SSLVPN. A small victory for me was figuring out how to allow the DHCP sequence between the router and the modem through ZBF. Also, one additional fact is that I am using the Server 2012 R2 host at 10.0.24.7 as an internal DHCP/DNS server.

Goal: To be able to remotely access the Web/FTP Sever located at 10.0.24.8 by using my WAN IP (disregarding the DDNS side of things for now). Secondly, I have managed to correctly configure the SSLVPN for remote access, but I am unable to connect to any LAN resources once connected.

Problem: As you can see, I have tried manipulating the ACLs, Class, and Policy maps to no avail in regards to both the FTP and FTP-data ports. Any suggestions are sincerely welcome! I have attached my Configuration (minus sensitive bits) to this post.

Regards,

Jordan

Message was edited by: Jordan McDonald - added note that config was attached.

1 REPLY 1
rhullinghorst86
Beginner

I am having simular issues.  I have NAT/PAT set up with a server running FTP and i can access it locally but not through the internet. 

My config is as follows:


interface FastEthernet0/0

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface FastEthernet0/1

ip address dhcp

ip access-group 110 in

no ip redirects

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

ip forward-protocol nd

!

!

no ip http server

ip nat inside source list NAT interface FastEthernet0/1 overload

ip nat inside source static tcp 10.10.10.2 20 x.x.x.x 20 extendable

ip nat inside source static tcp 10.10.10.2 21 x.x.x.x 21 extendable

!

ip access-list standard NAT

permit 10.10.10.0 0.0.0.255

!

access-list 110 permit tcp any host 10.10.10.2 range ftp-data ftp

access-list 110 permit tcp any host 10.10.10.2 eq ftp

access-list 110 permit ip any any