[c-nsp] FTP Problem - Cisco ASA Box

Paul Stewart pstewart at nexicomgroup.net
Wed Aug 30 15:44:06 EDT 2006


Hi there..

I'm having an issue with a new Cisco ASA5520 when FTPing to remote
sites. Some sites work but very, very slowly, and other sites come back
with an "illegal port" error. I have tried active and passive mode transfers
from my CuteFTP client.

Can anyone help? :)

Paul Stewart
Network Administrator
Nexicom Inc.
http://www.nexicom.net/ 


ASA Version 7.1(2)
!
hostname acs4-fw-mb
domain-name nexicom.net
enable password XXXXXXXXXXXXXXXXXXXXX encrypted
names
!
interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address xxx.xxx.xxx.xxx 255.255.255.240
!
interface GigabitEthernet0/1
 nameif Inside
 security-level 100
 ip address xxx.xxx.xxx.xxx 255.255.255.0
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd XXXXXXXXXXXXXXXXXXX encrypted
no ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup Outside
dns domain-lookup Inside
dns server-group DefaultDNS
 domain-name nexicom.net
access-list AIP extended permit ip any any
access-list ANY extended permit ip any any
access-list ANY extended permit icmp any any
pager lines 24
logging enable
logging timestamp
logging trap informational
logging asdm informational
logging host Outside xxx.xxx.xxx.xxx
mtu Outside 1500
mtu Inside 1500
mtu management 1500
ip verify reverse-path interface Outside
ip verify reverse-path interface Inside
no failover
asdm image disk0:/asdm512-k8.bin
asdm history enable
arp timeout 14400
nat-control
global (Outside) 10 interface
nat (Inside) 10 0.0.0.0 0.0.0.0 dns
access-group ANY in interface Outside
access-group ANY out interface Outside
access-group ANY in interface Inside
access-group ANY out interface Inside
route Outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username admin password XXXXXXXXXXXXXXX encrypted privilege 15
!
class-map AIP
 match access-list AIP
!
!
policy-map AIP
 class AIP
  ips inline fail-open
!
service-policy AIP global
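
Added example, not part of the original post: the configuration above applies one policy-map (AIP) that contains no `inspect ftp`, while inside hosts leave through interface PAT. FTP inspection is the ASA feature that rewrites the address and port embedded in FTP PORT commands under NAT, so this Python check looks for that gap in an ASA configuration. The function names and the WITH_FTP variant are assumptions made for the example.

```python
import re

# Excerpt of the configuration posted above (NAT and policy lines only).
POSTED = """\
global (Outside) 10 interface
nat (Inside) 10 0.0.0.0 0.0.0.0 dns
class-map AIP
 match access-list AIP
policy-map AIP
 class AIP
  ips inline fail-open
service-policy AIP global
"""

# Constructed variant (assumption): the same policy with an FTP inspection class.
WITH_FTP = POSTED.replace(
    "policy-map AIP\n",
    "class-map inspection_default\n match default-inspection-traffic\n"
    "policy-map AIP\n class inspection_default\n  inspect ftp\n",
)

def applied_inspections(config):
    """Map each policy-map named by a service-policy to the protocols it inspects."""
    policies, applied, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level command closes the open block
            current = None
        if line.startswith("policy-map "):
            current = line.split()[1]
            policies[current] = set()
        elif current and line.startswith("inspect "):
            policies[current].add(line.split()[1])
        elif line.startswith("service-policy "):
            applied.append(line.split()[1])
    return {name: policies.get(name, set()) for name in applied}

def uses_interface_pat(config):
    """True when a 'global (<if>) <id> interface' dynamic PAT rule is present."""
    return re.search(r"^global \(\S+\) \d+ interface$", config, re.M) is not None

def ftp_findings(config):
    """Return human-readable findings about FTP handling; empty list means none."""
    if any("ftp" in protos for protos in applied_inspections(config).values()):
        return []
    findings = ["no applied policy-map contains 'inspect ftp'"]
    if uses_interface_pat(config):
        findings.append("interface PAT in use: addresses embedded in FTP PORT are not rewritten")
    return findings

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("with inspect ftp", WITH_FTP)):
        print(name, "->", ftp_findings(cfg) or "FTP inspection is applied")
```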


