[c-nsp] FTP Problem - Cisco ASA Box

Jason Lixfeld jason at lixfeld.ca
Wed Aug 30 15:57:20 EDT 2006


Looks like you modified your policy-maps from the defaults, so try
adding an inspect ftp to your policy-map and see if that helps.

On 30-Aug-06, at 3:44 PM, Paul Stewart wrote:

> Hi there..
>
> I'm having an issue with a new Cisco ASA5520 for ftp'ing to remote
> sites... Some sites work but very very slow and other sites come back
> with "illegal port" error.  Have tried active and passive mode transfers
> from my CuteFTP client...
>
> Can anyone help? :)
>
> Paul Stewart
> Network Administrator
> Nexicom Inc.
> http://www.nexicom.net/
>
>
> ASA Version 7.1(2)
> !
> hostname acs4-fw-mb
> domain-name nexicom.net
> enable password XXXXXXXXXXXXXXXXXXXXX encrypted
> names
> !
> interface GigabitEthernet0/0
>  nameif Outside
>  security-level 0
>  ip address xxx.xxx.xxx.xxx 255.255.255.240
> !
> interface GigabitEthernet0/1
>  nameif Inside
>  security-level 100
>  ip address xxx.xxx.xxx.xxx 255.255.255.0
> !
> interface GigabitEthernet0/2
>  shutdown
>  no nameif
>  no security-level
>  no ip address
> !
> interface GigabitEthernet0/3
>  shutdown
>  no nameif
>  no security-level
>  no ip address
> !
> interface Management0/0
>  shutdown
>  nameif management
>  security-level 100
>  ip address 192.168.1.1 255.255.255.0
>  management-only
> !
> passwd XXXXXXXXXXXXXXXXXXX encrypted
> no ftp mode passive
> clock timezone EST -5
> clock summer-time EDT recurring
> dns domain-lookup Outside
> dns domain-lookup Inside
> dns server-group DefaultDNS
>  domain-name nexicom.net
> access-list AIP extended permit ip any any
> access-list ANY extended permit ip any any
> access-list ANY extended permit icmp any any
> pager lines 24
> logging enable
> logging timestamp
> logging trap informational
> logging asdm informational
> logging host Outside xxx.xxx.xxx.xxx
> mtu Outside 1500
> mtu Inside 1500
> mtu management 1500
> ip verify reverse-path interface Outside
> ip verify reverse-path interface Inside
> no failover
> asdm image disk0:/asdm512-k8.bin
> asdm history enable
> arp timeout 14400
> nat-control
> global (Outside) 10 interface
> nat (Inside) 10 0.0.0.0 0.0.0.0 dns
> access-group ANY in interface Outside
> access-group ANY out interface Outside
> access-group ANY in interface Inside
> access-group ANY out interface Inside
> route Outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
> timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
> timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> username admin password XXXXXXXXXXXXXXX encrypted privilege 15
> !
> class-map AIP
>  match access-list AIP
> !
> !
> policy-map AIP
>  class AIP
>   ips inline fail-open
> !
> service-policy AIP global
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

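A worked version of the fix suggested above, added here as an editorial example; it is not part of either poster's message. It keeps policy-map AIP because the ASA allows only one global service policy, so the inspection class has to be added to that policy-map rather than applied as a second global policy. class-map inspection_default and match default-inspection-traffic are the ASA's stock names and are assumed; everything else is taken from the posted configuration. Without inspect ftp the ASA neither rewrites the address carried in PORT/PASV commands for the PAT'd inside hosts nor opens the data-channel pinhole, which is consistent with the "illegal port" responses reported for active-mode transfers. Note also that no ftp mode passive in the posted config only governs the ASA's own FTP client (copy ftp:) and has no effect on traffic passing through the box, and that access-list ANY permits ip any any in every direction, so the failures are not an access-list problem (that ACL is worth tightening, but that is a separate issue).

```cisco
! Added example, not from the original thread: FTP inspection folded into
! the existing global policy-map AIP (the ASA permits one global policy).
! Assumed: class-map inspection_default / match default-inspection-traffic
! are the ASA default names; the AIP class and ips action are as posted.
class-map inspection_default
 match default-inspection-traffic
!
policy-map AIP
 class inspection_default
  inspect ftp
 class AIP
  ips inline fail-open
!
service-policy AIP global
```

After applying this, show service-policy inspect ftp reports the inspection counters, and show conn shows the data-channel connections the inspector creates alongside each FTP control session; a transfer that still fails with those counters at zero means the control session is not matching the inspection class (for example FTP on a non-standard port, which needs its own class-map matching that port).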