So this is my configuration for an ASA 5505.
I set up VPN, SMTP, and WWW.
VPN and SMTP work now I need the FTP access to work. Its a pretty simple config just need FTP incoming. I really am having a hard time figuring it out.
Any ideas:
! interface Vlan1 nameif inside security-level 100 ip address 192.168.101.1 255.255.255.0 ospf cost 10 ! interface Vlan2 nameif outside security-level 0 ip address 66.***.***.***255.255.255.248 ospf cost 10 ! interface Vlan3 no forward interface Vlan1 nameif dmz security-level 50 no ip address ospf cost 10 ! passwd ********** encrypted ftp mode passive clock timezone MST -7 clock summer-time MDT recurring dns server-group DefaultDNS domain-name *******.com object-group service test tcp port-object range 1 65000 access-list outside_access_in extended permit tcp any host
66.***.***.*** eq https access-list outside_access_in remark Allow website access access-list outside_access_in extended permit tcp any host 66.***.***.*** eq www access-list outside_access_in extended permit tcp any host 66.***.***.*** eq 4125 access-list outside_access_in extended permit tcp any host 66.***.***.*** eq 3389 access-list outside_access_in extended permit tcp any host **** eq 3389 access-list outside_access_in extended permit tcp any host 66.***.***.*** eq pptp access-list outside_access_in extended permit tcp any host **** eq 3389 access-list outside_access_in extended permit tcp any host 66.***.***.*** eq smtp access-list outside_access_in extended permit ip any host 66.244.240.165 access-list outside_access_in extended permit tcp any host 66.244.240.165 eq ftp access-list outside_access_in extended permit tcp any host 66.244.240.165 eq ftp-data access-list outside_access_in extended permit icmp any any access-list inside_access_out remark Allow all outbound access-list inside_access_out extended permit ip any any access-list inside_access_out extended permit tcp any object-group test any pager lines 24 logging enable logging asdm informational mtu inside 1500 mtu outside 1500 mtu dmz 1500 asdm image disk0:/asdm-521.bin no asdm history enable arp timeout 14400 global (inside) 1 Geotech3 netmask 255.255.255.0 global (outside) 10 interface nat (inside) 10 192.168.101.0 255.255.255.0 static (inside,outside) 66.***.***.*** ServerName netmask 255.255.255.255 static (inside,outside) 66.***.***.*** GCSSBSDEN-01 netmask 255.255.255.255 static (inside,outside) 66.224.240.165 Geotech3 netmask 255.255.255.255 access-group inside_access_out in interface inside access-group outside_access_in in interface outside route outside 0.0.0.0 0.0.0.0 66.224.240.161 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip- disconnect 0:02:00 timeout uauth 0:05:00 absolute http server enable http 192.168.155.0 255.255.255.0 inside http 192.168.101.0 255.255.255.0 inside http GGT 255.255.255.255 outside http GGT2 255.255.255.255 outside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto isakmp nat-traversal 20 telnet 192.168.101.0 255.255.255.0 inside telnet timeout 5 ssh 192.168.101.0 255.255.255.0 inside ssh GGT 255.255.255.255 outside ssh GGT2 255.255.255.255 outside ssh timeout 5