Forward FTP traffic on PIX 515

Discussion in 'Cisco' started by, Sep 24, 2005.

  1. Guest

    I am unable to foward FTP traffic to my internal server. Can someone
    take a look at my configuration and see if I am missing anything.

    PIX Version 7.0(1)
    hostname doncarpix
    ftp mode passive
    clock timezone CST -6
    clock summer-time CDT recurring
    access-list ACL_OUT extended permit tcp any host x.x.114.254 eq ftp
    no pager
    logging enable
    logging timestamp
    logging emblem
    logging trap warnings
    logging asdm warnings
    logging mail critical
    logging from-address
    logging recipient-address level errors
    logging host inside format emblem
    mtu external 1500
    mtu inside 1500
    no failover
    monitor-interface external
    monitor-interface inside
    asdm image flash:/asdm
    no asdm history enable
    arp timeout 14400
    global (external) 1 interface
    nat (inside) 1
    static (inside,external) tcp x.x.114.254 ftp ftp netmask
    access-group ACL_OUT in interface external
    route external x.x.114.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    username jduguay password EVop5bqi.XYr9e0u encrypted privilege 15
    aaa authentication enable console LOCAL
    aaa authentication http console LOCAL
    aaa authentication serial console LOCAL
    aaa authentication ssh console LOCAL
    aaa authentication telnet console LOCAL
    http server enable
    http inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp
    telnet inside
    telnet timeout 5
    ssh scopy enable
    ssh inside
    ssh timeout 5
    console timeout 0
    dhcpd lease 3600
    dhcpd ping_timeout 50
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
    inspect ftp
    service-policy global_policy global
    management-access inside
    : end
    , Sep 24, 2005
    1. Advertisements

  2. In article <>,
    <> wrote:
    :I am unable to foward FTP traffic to my internal server.

    :pIX Version 7.0(1)

    I haven't worked with 7.0(1) yet, but I'll give it a try.
    Note that 7.0(2) is out to fix a number of bugs.

    :access-list ACL_OUT extended permit tcp any host x.x.114.254 eq ftp

    :global (external) 1 interface
    :nat (inside) 1
    :static (inside,external) tcp x.x.114.254 ftp ftp netmask
    :access-group ACL_OUT in interface external

    You chopped out both 'ip address' statements, which makes it harder
    to diagnose. It would have been easier if you had left in the
    ip addresses but obscured them as you did for the other locations.

    If it so happens that x.x.114.254 is your outside PIX IP, then
    in 6.x you would need to use "interface outside" in the ACL instead of
    "host x.x.114.254", and in the static statement you would replace
    "x.x.114.254" with the keyword "interface".

    If it so happens that is your PIX inside address, you
    have a problem.
    I was very young in those days, but I was also rather dim.
    -- Christopher Priest
    Walter Roberson, Sep 25, 2005
    1. Advertisements

  3. Guest

    Router External IP:
    Router Internal IP
    FTP Server IP

    I changed the ACL and route like you suggested and still nothing. Is
    there anything else that may be wrong with the configuration?
    , Sep 26, 2005
  4. In article <>,
    <> wrote:
    ;Router External IP:
    ;Router Internal IP
    ;FTP Server IP

    :I changed the ACL and route like you suggested and still nothing. Is
    :there anything else that may be wrong with the configuration?

    Could you post the outside ACL, and static, and IP statements?
    Camera manufacturers have temporarily delayed introduction of
    sub-millibarn resolution bio-hyperdimensional plasmatic space polyimaging,
    but indications are that is still just around the corner.
    Walter Roberson, Sep 27, 2005
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. B Squared
    Walter Roberson
    May 24, 2005
  2. Hypno999

    traffic-shaping limit ftp traffic

    Hypno999, Oct 7, 2005, in forum: Cisco
  3. Scott Townsend
    Roman Nakhmanson
    Feb 22, 2006
  4. Scott Townsend

    PIX 515 to PIX 515e not passing traffic

    Scott Townsend, May 10, 2006, in forum: Cisco
    May 25, 2006
  5. Replies: