no ftp connection possible through cisco router with ip inspect

Discussion in 'Cisco' started by Didier, Jan 27, 2004.

  1. Didier

    Didier Guest

    Hi,

    I'm unable to make any kind (active and passive) of anonymous ftp
    connections.
    Here is a sample log file when trying to do an active ftp connection:
    %FW-3-FTP_SESSION_NOT_AUTHENTICATED: Command issued before the session is
    authenticated -- FTP client 192.168.0.182 FTP server 1
    %SEC-6-IPACCESSLOGP: list 111 denied tcp 10.0.0.5(20) (FastEthernet0
    0050.8b9a.6969) -> 192.168.0.182(2708), 1 packet

    Connections to the ftp server are working without problem from inside the
    LAN.

    I'm using ip inspect and access-lists.

    ! (is INTERNET)
    eth0
    ip access-group in 101

    ! (is DMZ)
    fast0
    ip inspect standard out

    access-list 101 permit tcp any host 10.0.0.5 eq ftp
    access-list 101 permit tcp host 10.0.0.5 eq ftp-data any gt 1023
    access-list 101 deny ip any any

    ip inspect audit-trail
    ip inspect udp idle-time 1800
    ip inspect dns-timeout 7
    ip inspect tcp idle-time 14400
    ip inspect name standard cuseeme
    ip inspect name standard h323
    ip inspect name standard http
    ip inspect name standard rcmd
    ip inspect name standard realaudio
    ip inspect name standard smtp
    ip inspect name standard sqlnet
    ip inspect name standard streamworks
    ip inspect name standard tcp
    ip inspect name standard tftp
    ip inspect name standard udp
    ip inspect name standard vdolive
    ip inspect name standard ftp
    ip audit notify log
    ip audit po max-events 100

    Many thanks
     
    Didier, Jan 27, 2004
    #1