I am having some issues with allowing this through our ASA. I started pulling the config apart to post but started googling and I see some stuff about having to allow other high ports. I currently have what I think are the correct ones, 21 and 20.
Anything blatent that I am missing or should I continue to post the config here?
Passive is already on on the ASA. Here is the offending line in the syslog output. I think this has to do with the High Ports that are used with setting up the data port. As I can get connected but as soon as I type either DIR or LS it hangs.
Is there any fixup for FTP, any class maps for FTP or any inspection services for FTP?
The above entry tells me that the ACL DMZ_access_in is blocking traffic from the DMZ to the INTERNET, could you add an ACL allowing DMZ: port 20 to the INTERNET:ANY?
name 192.168.18.3 Internal_Web_Mail_Server description Internal_Web_Mail_Server name a.b.c.194 External_Web_Mail_Server description External_Web_Mail_Server
Thanks Artie. Your post got me digging around and the "fixup protocol ftp 21" just got it working! I don't know how I missed that. Guess I need to read up more and see what else is missing!
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.