Forward FTP traffic on PIX 515

Discussion in 'Cisco' started by duguayjordan@gmail.com, Sep 24, 2005.

  1. Guest

    I am unable to forward FTP traffic to my internal server. Can someone
    take a look at my configuration and see if I am missing anything?
    Thanks

    PIX Version 7.0(1)
    hostname doncarpix
    domain-name doncarsys.com
    ftp mode passive
    clock timezone CST -6
    clock summer-time CDT recurring
    access-list ACL_OUT extended permit tcp any host x.x.114.254 eq ftp
    no pager
    logging enable
    logging timestamp
    logging emblem
    logging trap warnings
    logging asdm warnings
    logging mail critical
    logging from-address
    logging recipient-address level errors
    logging host inside 198.163.230.202 format emblem
    mtu external 1500
    mtu inside 1500
    no failover
    monitor-interface external
    monitor-interface inside
    asdm image flash:/asdm
    no asdm history enable
    arp timeout 14400
    global (external) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,external) tcp x.x.114.254 ftp 198.163.230.1 ftp netmask 255.255.255.255
    access-group ACL_OUT in interface external
    route external 0.0.0.0 0.0.0.0 x.x.114.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    username jduguay password EVop5bqi.XYr9e0u encrypted privilege 15
    aaa authentication enable console LOCAL
    aaa authentication http console LOCAL
    aaa authentication serial console LOCAL
    aaa authentication ssh console LOCAL
    aaa authentication telnet console LOCAL
    http server enable
    http 198.163.230.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp
    telnet 198.163.230.0 255.255.255.255 inside
    telnet timeout 5
    ssh scopy enable
    ssh 198.163.230.0 255.255.255.255 inside
    ssh timeout 5
    console timeout 0
    dhcpd lease 3600
    dhcpd ping_timeout 50
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map global_policy
    class inspection_default
    inspect ftp
    !
    service-policy global_policy global
    management-access inside
    Cryptochecksum:56ed1986d662ca941f5c3b9ca8419bcd
    : end
     
    , Sep 24, 2005
    #1

  2. In article <>,
    <> wrote:
    :I am unable to forward FTP traffic to my internal server.

    :PIX Version 7.0(1)

    I haven't worked with 7.0(1) yet, but I'll give it a try.
    Note that 7.0(2) is out to fix a number of bugs.

    :access-list ACL_OUT extended permit tcp any host x.x.114.254 eq ftp

    :global (external) 1 interface
    :nat (inside) 1 0.0.0.0 0.0.0.0
    :static (inside,external) tcp x.x.114.254 ftp 198.163.230.1 ftp netmask 255.255.255.255
    :access-group ACL_OUT in interface external

    You chopped out both 'ip address' statements, which makes it harder
    to diagnose. It would have been easier if you had left in the
    ip addresses but obscured them as you did for the other locations.

    If it so happens that x.x.114.254 is your outside PIX IP, then
    in 6.x you would need to use "interface outside" in the ACL instead of
    "host x.x.114.254", and in the static statement you would replace
    "x.x.114.254" with the keyword "interface".

    If it so happens that 198.163.230.1 is your PIX inside address, you
    have a problem.
    --
    I was very young in those days, but I was also rather dim.
    -- Christopher Priest
     
    Walter Roberson, Sep 25, 2005
    #2

  3. Guest

    Router External IP: 24.76.114.254
    Router Internal IP 198.163.230.3
    FTP Server IP 198.163.230.1

    I changed the ACL and route like you suggested and still nothing. Is
    there anything else that may be wrong with the configuration?
     
    , Sep 26, 2005
    #3
  4. In article <>,
    <> wrote:
    ;Router External IP: 24.76.114.254
    ;Router Internal IP 198.163.230.3
    ;FTP Server IP 198.163.230.1

    :I changed the ACL and route like you suggested and still nothing. Is
    :there anything else that may be wrong with the configuration?

    Could you post the outside ACL, and static, and IP statements?
    --
    Camera manufacturers have temporarily delayed introduction of
    sub-millibarn resolution bio-hyperdimensional plasmatic space polyimaging,
    but indications are that is still just around the corner.
     
    Walter Roberson, Sep 27, 2005
    #4
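
An added example, not part of any post in this thread: a small Python check for the conditions reply #2 raises (the static or ACL naming the PIX's own outside address, the static's real address being the PIX inside address, and missing `ip address` statements). The sample config is constructed from the lines and addresses posted above; the interface blocks, their netmasks and the function names are assumptions.

```python
import re

# Constructed sample: the thread's ACL and static lines with the addresses from
# post #3. Interface blocks are assumed (not posted); netmasks are placeholders.
SAMPLE = """\
interface Ethernet0
 nameif external
 ip address 24.76.114.254 255.255.255.0
interface Ethernet1
 nameif inside
 ip address 198.163.230.3 255.255.255.0
access-list ACL_OUT extended permit tcp any host 24.76.114.254 eq ftp
static (inside,external) tcp 24.76.114.254 ftp 198.163.230.1 ftp netmask 255.255.255.255
"""

STATIC_RE = re.compile(r"static \((\w+),(\w+)\) (?:tcp|udp) (\S+) \S+ (\S+) ")
ACL_RE = re.compile(r"access-list (\S+) .*\bhost (\S+)")

def interface_ips(config):
    """Map each nameif to its address, read from 7.x-style interface blocks."""
    ips, name = {}, None
    for words in (line.split() for line in config.splitlines()):
        if words[:1] == ["interface"]:
            name = None                      # new block, nameif not seen yet
        elif words[:1] == ["nameif"] and len(words) > 1:
            name = words[1]
        elif words[:2] == ["ip", "address"] and name and len(words) > 2:
            ips[name] = words[2]
    return ips

def check(config):
    """Return one finding per condition from reply #2 that the config meets."""
    ips = interface_ips(config)
    if not ips:
        return ["no 'ip address' statements: addresses cannot be compared"]
    owner = {ip: name for name, ip in ips.items()}
    findings = []
    for line in (l.strip() for l in config.splitlines()):
        m = STATIC_RE.match(line)
        if m:
            real_if, mapped_if, mapped, real = m.groups()
            if mapped == ips.get(mapped_if):
                findings.append(f"static: mapped {mapped} is the {mapped_if} interface address")
            if real == ips.get(real_if):
                findings.append(f"static: real {real} is the PIX {real_if} address")
        m = ACL_RE.match(line)
        if m and m.group(2) in owner:
            findings.append(f"access-list {m.group(1)}: host {m.group(2)} is the {owner[m.group(2)]} interface address")
    return findings
```

Run against the sample, `check(SAMPLE)` reports the ACL and the static, both of which name the external interface address directly; rewriting them with the `interface` keyword as reply #2 describes clears both findings.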