PIX FTP Problems

Hi guys, trying to get FTP access to work from our inside network to FTP servers on the public net. All other functions seem to be working OK, but when we go to FTP we get the username/password prompt but nothing else.

I'm sure it's an access-list but can't quite work out what the access-list should read.

Note our internal subnet is 255.255.248.0 (when looking through the config).

Any help would be appreciated

Paul

!
hostname PIX
domain-name xxx
enable password xxxx encrypted
names
dns-guard
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address xxx.xxx.xxx.146 255.255.255.240
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address xxx.xxx.xxx.251 255.255.248.0
!
interface Ethernet2
 nameif DMZ
 security-level 0
 ip address 192.168.192.254 255.255.255.0
!
passwd gzEiakETMGiqocHN encrypted
ftp mode passive
access-list out-acl extended permit icmp any any echo-reply
access-list out-acl extended permit icmp any any unreachable
access-list out-acl extended permit icmp any any time-exceeded
access-list out-acl extended permit icmp any any source-quench
access-list out-acl extended permit icmp any any parameter-problem
access-list out-acl extended permit tcp any any eq ssh
access-list out-acl extended permit tcp any any eq ftp
access-list out-acl extended permit tcp host xxx.xxx.xxx.151 any eq www
access-list out-acl extended permit tcp host xxx.xxx.xxx.151 any eq https
access-list out-acl extended permit tcp host xxx.xxx.xxx.151 any eq ftp
access-list out-acl extended permit tcp host xxx.xxx.xxx.151 any eq ftp-data
access-list out-acl extended permit tcp any host xxx.xxx.xxx.151 eq www
access-list out-acl extended permit tcp any host xxx.xxx.xxx.151 eq https
access-list out-acl extended permit tcp any host xxx.xxx.xxx.151 eq ftp
access-list out-acl extended permit tcp any host xxx.xxx.xxx.151 eq ftp-data
access-list acl100 extended permit tcp xxx.xxx.xxx.0 255.255.248.0 any eq www
access-list acl100 extended permit tcp xxx.xxx.xxx.0 255.255.248.0 any eq https
access-list acl100 extended permit tcp xxx.xxx.xxx.0 255.255.248.0 any eq smtp
access-list acl100 extended permit tcp xxx.xxx.xxx.0 255.255.248.0 any eq ftp
access-list acl100 extended permit icmp xxx.xxx.xxx.0 255.255.248.0 any
access-list acl100 extended permit tcp xxx.xxx.xxx.0 255.255.248.0 any eq domain
access-list acl100 extended permit udp xxx.xxx.xxx.0 255.255.248.0 any eq domain
access-list acl100 extended permit udp xxx.xxx.xxx.0 255.255.248.0 any eq ntp
access-list acl100 extended permit tcp xxx.xxx.xxx.0 255.255.248.0 any eq ssh
access-list acl100 extended permit tcp xxx.xxx.xxx.0 255.255.248.0 any eq telnet
access-list acl100 extended permit tcp xxx.xxx.xxx.0 255.255.248.0 any eq pop3
access-list acl100 extended permit tcp any any eq ssh
access-list acl100 extended permit tcp any any eq domain
access-list acl100 extended permit udp any any eq domain
access-list acl100 extended permit udp any any eq ntp
access-list acl100 extended permit udp any any eq 13
access-list acl100 extended permit tcp any any eq daytime
access-list acl100 extended permit tcp xxx.xxx.xxx.0 255.255.248.0 any eq ftp-data
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
asdm image flash:/asdm
asdm location 192.168.192.10 255.255.255.255 DMZ
asdm location xxx.xxx.xxx.20 255.255.255.255 inside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) xxx.xxx.xxx.151 xxx.xxx.xxx.48 netmask 255.255.255.255
access-group out-acl in interface outside
access-group acl100 in interface inside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.145 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
http xxx.xxx.xxx.0 255.255.248.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 0.0.0.0 0.0.0.0 inside
telnet xxx.xxx.xxx.0 255.255.248.0 inside
telnet timeout 25
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 25
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 50
!
policy-map global_policy
!
Reply to
paul_tomlin

Try passive FTP or issue this command on the PIX: fixup protocol ftp 21

paul snipped-for-privacy@hotmail.com wrote:

Reply to
ponga

You clipped the very bottom of the config that we needed to see, it's where your inspects are. Do you have inspect FTP in there? It's needed for passive FTP.

Reply to
Brian V
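To show why Brian's point matters, here is an added example (not from the thread or from Cisco) that models the two outbound connections of a passive FTP session against a subset of the thread's acl100. The inside range is redacted in the post, so the example assumes the placeholder prefix 203.0.112.0/21 (same /21 mask) and a constructed 227 reply from a server; the static ACL permits the control channel on tcp/21 (hence the login prompt) but not the dynamically announced data port, which is exactly the pinhole that inspect ftp opens.

```python
import re
from ipaddress import ip_address, ip_network

# Subset of the thread's acl100 (applied "in" on the inside interface).
# Assumed placeholder for the redacted xxx.xxx.xxx.0 255.255.248.0 range.
INSIDE_NET = "203.0.112.0/21"
ACL100 = [
    ("tcp", INSIDE_NET, 21),  # access-list acl100 ... any eq ftp
    ("tcp", INSIDE_NET, 20),  # access-list acl100 ... any eq ftp-data
]

# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" -> server data endpoint
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return (host, port) the server announces in its 227 reply."""
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError(f"not a 227 PASV reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = map(int, m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def acl_permits(acl, proto, src, dport):
    """Stateless ACL match on protocol, source network and destination port."""
    return any(proto == p and ip_address(src) in ip_network(net) and dport == port
               for p, net, port in acl)


def passive_ftp_allowed(acl, client, pasv_reply, inspect_ftp):
    """Model a passive FTP session: control channel to tcp/21, then a data
    connection to whatever port the server announced.

    With inspect ftp the firewall reads the 227 reply on the control channel and
    opens a pinhole for exactly that port; without it only the static ACL decides.
    """
    control = acl_permits(acl, "tcp", client, 21)
    _, data_port = parse_pasv(pasv_reply)
    data = control and (inspect_ftp or acl_permits(acl, "tcp", client, data_port))
    return {"control": control, "data_port": data_port, "data": data}


if __name__ == "__main__":
    # Constructed reply: server 198.51.100.7 announces port 195*256+80 = 50000
    reply = "227 Entering Passive Mode (198,51,100,7,195,80)"
    for inspect in (False, True):
        print(f"inspect ftp={inspect}:",
              passive_ftp_allowed(ACL100, "203.0.113.25", reply, inspect))
```

Without inspection the result is "control: True, data: False", the login-prompt-then-hang symptom described at the top of the thread.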

Original config was:

policy-map global_policy

I've now added fixup statements and have:

policy-map global_policy
 class inspection_default
  inspect ftp
 class class_ftp
  inspect ftp

Can't test this till tomorrow - do you think this will sort it?

Paul

Brian V wrote:

Reply to
paul_tomlin

Yup, should be fine now.

Reply to
Brian V

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.