Forward FTP traffic on PIX 515

I am unable to forward FTP traffic to my internal server. Can someone take a look at my configuration and see if I am missing anything? Thanks

PIX Version 7.0(1)
hostname doncarpix
domain-name doncarsys.com
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
access-list ACL_OUT extended permit tcp any host x.x.114.254 eq ftp
no pager
logging enable
logging timestamp
logging emblem
logging trap warnings
logging asdm warnings
logging mail critical
logging from-address snipped-for-privacy@doncarsys.com
logging recipient-address snipped-for-privacy@doncarsys.com level errors
logging host inside 198.163.230.202 format emblem
mtu external 1500
mtu inside 1500
no failover
monitor-interface external
monitor-interface inside
asdm image flash:/asdm
no asdm history enable
arp timeout 14400
global (external) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,external) tcp x.x.114.254 ftp 198.163.230.1 ftp netmask 255.255.255.255
access-group ACL_OUT in interface external
route external 0.0.0.0 0.0.0.0 x.x.114.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username jduguay password EVop5bqi.XYr9e0u encrypted privilege 15
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 198.163.230.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
telnet 198.163.230.0 255.255.255.255 inside
telnet timeout 5
ssh scopy enable
ssh 198.163.230.0 255.255.255.255 inside
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect ftp
!
service-policy global_policy global
management-access inside
Cryptochecksum:56ed1986d662ca941f5c3b9ca8419bcd
: end
Reply to
duguayjordan

In article , snipped-for-privacy@gmail.com wrote:
:I am unable to forward FTP traffic to my internal server.

:PIX Version 7.0(1)

I haven't worked with 7.0(1) yet, but I'll give it a try. Note that 7.0(2) is out to fix a number of bugs.

:access-list ACL_OUT extended permit tcp any host x.x.114.254 eq ftp

:global (external) 1 interface
:nat (inside) 1 0.0.0.0 0.0.0.0
:static (inside,external) tcp x.x.114.254 ftp 198.163.230.1 ftp netmask 255.255.255.255
:access-group ACL_OUT in interface external

You chopped out both 'ip address' statements, which makes it harder to diagnose. It would have been easier if you had left in the ip addresses but obscured them as you did for the other locations.

If it so happens that x.x.114.254 is your outside PIX IP, then in 6.x you would need to use "interface outside" in the ACL instead of "host x.x.114.254", and in the static statement you would replace "x.x.114.254" with the keyword "interface".

If it so happens that 198.163.230.1 is your PIX inside address, you have a problem.

Reply to
Walter Roberson
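
Added example, not part of the thread and not posted by either participant: a small Python check that encodes the two conditions raised in the reply above (a static or ACL that names the PIX's own outside address instead of using the `interface` keyword, and a static whose real address is the PIX's own inside address). The sample lines are constructed from the poster's config with the addresses given later in the thread substituted for `x.x`; the function name and the `IFACE_IP` mapping are assumptions made for this illustration.

```python
import re

# Constructed sample: the poster's ACL/static/access-group lines, with the
# outside address disclosed later in the thread substituted for "x.x".
CONFIG = """\
access-list ACL_OUT extended permit tcp any host 24.76.114.254 eq ftp
static (inside,external) tcp 24.76.114.254 ftp 198.163.230.1 ftp netmask 255.255.255.255
access-group ACL_OUT in interface external
"""
# The same lines rewritten the way the reply suggests for 6.x.
FIXED = """\
access-list ACL_OUT extended permit tcp any interface external eq ftp
static (inside,external) tcp interface ftp 198.163.230.1 ftp netmask 255.255.255.255
access-group ACL_OUT in interface external
"""
# Interface name -> PIX address, taken from the poster's follow-up post.
IFACE_IP = {"external": "24.76.114.254", "inside": "198.163.230.3"}

STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)", re.M)
ACL_RE = re.compile(
    r"^access-list (\S+) (?:extended )?permit (tcp|udp) any "
    r"(?:host (\S+)|interface (\w+)) eq (\S+)", re.M)
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\w+)", re.M)


def check_port_forwards(config, iface_ip):
    """Return findings for port-forward statics, per the reply's two checks."""
    findings = []
    bound = dict(GROUP_RE.findall(config))      # ACL name -> interface
    acls = ACL_RE.findall(config)
    for real_if, map_if, proto, mapped, mport, real, _ in STATIC_RE.findall(config):
        if mapped == iface_ip.get(map_if):
            findings.append(f"static: mapped address {mapped} is the {map_if} "
                            "interface IP; use the 'interface' keyword")
        if real == iface_ip.get(real_if):
            findings.append(f"static: real address {real} is the PIX's own "
                            f"{real_if} IP, not a server behind it")
        # Only ACL entries bound inbound on the mapped interface for this port.
        for name, aproto, host, _ifc, port in acls:
            if bound.get(name) != map_if or aproto != proto or port != mport:
                continue
            if host and host == iface_ip.get(map_if):
                findings.append(f"access-list {name}: 'host {host}' is the {map_if} "
                                f"interface IP; use 'interface {map_if}'")
    return findings
```

Run against `CONFIG` it reports the static and the ACL entry; run against `FIXED` it reports nothing.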

Router External IP: 24.76.114.254
Router Internal IP 198.163.230.3
FTP Server IP 198.163.230.1

I changed the ACL and route like you suggested and still nothing. Is there anything else that may be wrong with the configuration?

Reply to
duguayjordan

In article , snipped-for-privacy@gmail.com wrote:
;Router External IP: 24.76.114.254
;Router Internal IP 198.163.230.3
;FTP Server IP 198.163.230.1

:I changed the ACL and route like you suggested and still nothing. Is
:there anything else that may be wrong with the configuration?

Could you post the outside ACL, and static, and IP statements?

Reply to
Walter Roberson
