TOPIC: Cisco ASA 5505 and ftp??

Cisco ASA 5505 and ftp?? 9 years 1 month ago #23806

  • Anders
Hello

I'm new to Cisco products and have just started to understand the ASDM for my ASA 5505. Now I have a small problem. One of my servers is an FTP server using ioFTPD. This server is also a member of a Domain.
Now I've read a lot of guides and tips about how to set it up so that my FTP server would be reachable by anyone on the internet. My problem is that I have a hard time getting it to work. I can access my FTP within the internal network, but as soon as I try to connect using my public IP address, it's not reachable. So with the little knowledge I have I can say that some things are not set up correctly in my ASA 5505.

My ftp uses port 9999.

So I created a Static NAT rule where my real source is my FTP server and the translated source is my public IP using the TCP protocol on port 9999.

Then I created an Access Rule: Outside, Incoming, to allow any to connect to my public IP on port 9999.

What am I doing wrong?

Please someone that knows what to do help me.

//Anders

Re: Cisco ASA 5505 and ftp?? 9 years 1 month ago #23817

  • Smurf
Hi there,

Is there any reason why you are using a non-standard FTP port?

The issue here is that you are using this non-standard port and FTP actually uses two ports. One is for the control and another for the data transfer.

The ASA can use the Inspect rules to ensure that it can keep track of the FTP communication and additional ports that are required for this traffic. If you are on a non-standard port, the ASA will not know that this is FTP traffic.

Is there no option to configure the daemon to use standard ports? If not, there is a way to tell the inspect that your port is for FTP. I cannot remember it off the top of my head, but if you need to know, let me know and I will find it for ya.
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

Re: Cisco ASA 5505 and ftp?? 9 years 1 month ago #23819

  • Anders
Sure, I could configure it to run on port 21.
Also, in the config file for the FTP it says that it is using ports 1024-2048 for data transfers. Is that something I have to change as well?

//Anders

Re: Cisco ASA 5505 and ftp?? 9 years 1 month ago #23824

  • Smurf
Not sure about that specific FTP daemon. If you take a look at the networking section of this site under Protocols --> FTP, it will explain the process. Basically you can have two types, Active/Passive. In Active, the server will try to set up the additional ports (which can sometimes fail through firewalls unless they can inspect the traffic), but in Passive, the host decides that (the server will tell the host what to use and the host will then set up the connection).
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
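
The point made in this thread about the second FTP port, as an added example that is not part of the original posts and is not the ASA's own implementation: a toy model of how a stateful inspector learns data ports from the control channel, and why it learns nothing when the control port is not treated as FTP. The names `data_endpoint` and `pinholes` are hypothetical, and the sample session is constructed.

```python
import re

# "PORT h1,h2,h3,h4,p1,p2" (client, active mode) and the server's
# "227 ... (h1,h2,h3,h4,p1,p2)" reply to PASV share one encoding (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def data_endpoint(line):
    """Return (mode, ip, port) if a control-channel line negotiates a
    data connection, else None."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"       # server connects out to the client
    elif line.startswith("227 "):
        mode = "passive"      # client connects in to the server
    else:
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None           # malformed octet, ignore the line
    ip = ".".join(str(n) for n in nums[:4])
    return mode, ip, nums[4] * 256 + nums[5]


def pinholes(control_lines, control_port, inspected_ports=(21,)):
    """Toy model of FTP inspection: data ports are learned only when the
    control connection is on a port the firewall treats as FTP."""
    if control_port not in inspected_ports:
        return []             # opaque TCP to the firewall, nothing learned
    return [ep for ep in map(data_endpoint, control_lines) if ep]


# Constructed sample session (documentation address ranges; the passive
# port falls in the 1024-2048 range mentioned in the thread).
SESSION = [
    "USER anonymous",
    "PASV",
    "227 Entering Passive Mode (203,0,113,10,6,20)",
    "PORT 198,51,100,7,195,80",
]

if __name__ == "__main__":
    print(pinholes(SESSION, 21))                               # two endpoints
    print(pinholes(SESSION, 9999))                             # []
    print(pinholes(SESSION, 9999, inspected_ports=(21, 9999)))
```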