Trying to configure FTP in a Cisco ASA 5510. Bellow is the configuration. How do I configure FTP on the...
Can chords be played on the flute?
"Murder!" The knight said
Can you use a beast's innate abilities while polymorphed?
If nine coins are tossed, what is the probability that the number of heads is even?
Why does the 31P{1H} NMR spectrum of cis-[Mo(CO)2(dppe)2] show two signals?
How would we write a misogynistic character without offending people?
What are these green text/line displays shown during the livestream of Crew Dragon's approach to dock with the ISS?
A "strange" unit radio astronomy
When was drinking water recognized as crucial in marathon running?
Where is the fallacy here?
How can I handle a player who pre-plans arguments about my rulings on RAW?
What is the wife of a henpecked husband called?
Do authors have to be politically correct in article-writing?
How to count occurrences of Friday 13th
You'll find me clean when something is full
How to add multiple differently colored borders around a node?
Compare four integers, return word based on maximum
What do the pedals on grand pianos do?
How do ISS astronauts "get their stripes"?
Hacker Rank: Array left rotation
CBP Reminds Travelers to Allow 72 Hours for ESTA. Why?
As a new poet, where can I find help from a professional to judge my work?
Are small insurances worth it
Easy code troubleshooting in wordpress
Trying to configure FTP in a Cisco ASA 5510. Bellow is the configuration. How do I configure FTP on the ASA?
Cisco PIX 8.0.4, static address mapping not working?Cisco ASA 5510 Configuration using ASDM to block outgoing SMTPCisco VPN Client Behind ASA 5505How to disable dns doctoring for IPSEC VPN connections for ASA 5510How to NAT a 192.168.x.x corporate domain on a Cisco ASA to not conlict with VPN remote users LANsSimple Cisco ASA 5505 config issuecisco asa + action drop issueNTP client on CentOS 5 fails behind Cisco ASA firewallAllow Ports 80, 443 and 81 through ASA 5510Cisco ASA l2l tunnel established, can receive pings but cannot reply
0
Trying to configure FTP in a Cisco ASA 5510. Below is the configuration. How do I configure FTP on the ASA?
ASA Version 7.0(8)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password <removed> encrypted
passwd <removed> encrypted
names
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 122.180.48.54 255.255.255.252
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.10.254 255.255.255.0
!
interface Ethernet0/2
nameif DMZ
security-level 50
ip address 172.16.0.254 255.255.0.0
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
access-list dmztooutside extended permit tcp host 172.16.0.65 host 172.18.0.65
access-list dmztooutside extended permit ip 172.16.0.0 255.255.0.0 any
access-list dmztooutside extended permit tcp host 172.16.0.62 host 172.18.0.62
access-list outside-int extended permit tcp any host 122.160.122.141 eq www
access-list outside-int extended permit tcp any host 122.160.122.141 eq smtp
access-list outside-int extended permit tcp any host 122.160.122.141 eq domain
access-list outside-int extended permit tcp any host 122.160.122.141 eq ftp-data
access-list outside-int extended permit tcp any host 122.160.122.142 eq imap4
access-list outside-int extended permit tcp any host 122.160.122.142 eq https
access-list outside-int extended permit tcp any host 122.160.122.142 eq www
access-list outside-int extended permit tcp any host 122.160.122.142 eq pop3
access-list outside-int extended permit tcp any host 122.160.122.142 eq smtp
access-list outside-int extended permit tcp any host 122.160.122.142 eq 993
access-list outside-int extended permit tcp any host 122.160.122.142 eq 995
access-list outside-int extended permit udp any host 122.160.122.142 eq domain
access-list outside-int extended permit tcp any host 122.160.122.142 eq domain
access-list outside-int extended permit udp any host 122.160.122.141 eq domain
access-list outside-int extended permit tcp any host 122.160.122.140 eq www
access-list outside-int extended permit tcp any host 122.160.122.140 eq smtp
access-list outside-int extended permit tcp any host 122.160.122.140 eq domain
access-list outside-int extended permit udp any host 122.160.122.140 eq domain
access-list outside-int extended permit tcp any host 122.160.122.140 eq https
access-list dmz-int extended permit tcp any host 172.16.0.63 eq www
access-list dmz-int extended permit tcp any host 172.16.0.63 eq smtp
access-list dmz-int extended permit tcp any host 172.16.0.63 eq https
access-list dmz-int extended permit tcp any host 172.16.0.63 eq domain
access-list dmz-int extended permit tcp any host 172.16.0.63 eq pop3
access-list dmz-int extended permit tcp any host 172.16.0.63 eq imap4
access-list dmz-int extended permit tcp any host 172.16.0.64 eq www
access-list dmz-int extended permit tcp any host 172.16.0.64 eq smtp
access-list dmz-int extended permit tcp any host 172.16.0.64 eq domain
access-list dmz-int extended permit tcp any host 172.16.0.64 eq ftp-data
access-list dmz-int extended permit tcp any host 172.16.0.63 eq ftp-data
access-list dmz-int extended permit udp any host 172.16.0.63 eq domain
access-list dmz-int extended permit udp any host 172.16.0.64 eq domain
access-list dmz-int extended permit tcp any host 172.16.0.62 eq www
access-list dmz-int extended permit tcp any host 172.16.0.62 eq smtp
access-list dmz-int extended permit tcp any host 172.16.0.62 eq https
access-list dmz-int extended permit tcp any host 172.16.0.62 eq domain
access-list dmz-int extended permit udp any host 172.16.0.62 eq domain
access-list block_database_internet extended deny ip host 192.168.10.5 any
access-list block_database_internet extended permit ip any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (DMZ) 1 172.16.0.0 255.255.0.0
static (DMZ,outside) 122.160.122.141 172.16.0.64 netmask 255.255.255.255 dns
static (inside,DMZ) 192.168.10.0 192.168.10.0 netmask 255.255.255.0
static (inside,DMZ) 172.18.0.65 192.168.10.5 netmask 255.255.255.255
static (DMZ,outside) 122.160.122.142 172.16.0.63 netmask 255.255.255.255 dns
static (DMZ,outside) 122.160.122.140 172.16.0.62 netmask 255.255.255.255 dns
static (inside,DMZ) 172.18.0.62 192.168.10.209 netmask 255.255.255.255
access-group outside-int in interface outside
access-group block_database_internet in interface inside
access-group dmztooutside in interface DMZ
route outside 0.0.0.0 0.0.0.0 122.180.48.53 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username admin password <removed> encrypted
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect esmtp
!
service-policy global_policy global
Cryptochecksum:9fa31ff1c0b8f20d07bf965f82f7c1c4
: end
ciscoasa#
cisco-asa
edited May 23 '11 at 16:04
Shane Madden♦
104k9145220
asked May 23 '11 at 6:59
suvodip chaudhurisuvodip chaudhuri
11
bumped to the homepage by Community♦ 6 hours ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
0
Trying to configure FTP in a Cisco ASA 5510. Below is the configuration. How do I configure FTP on the ASA?
ASA Version 7.0(8)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password <removed> encrypted
passwd <removed> encrypted
names
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 122.180.48.54 255.255.255.252
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.10.254 255.255.255.0
!
interface Ethernet0/2
nameif DMZ
security-level 50
ip address 172.16.0.254 255.255.0.0
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
access-list dmztooutside extended permit tcp host 172.16.0.65 host 172.18.0.65
access-list dmztooutside extended permit ip 172.16.0.0 255.255.0.0 any
access-list dmztooutside extended permit tcp host 172.16.0.62 host 172.18.0.62
access-list outside-int extended permit tcp any host 122.160.122.141 eq www
access-list outside-int extended permit tcp any host 122.160.122.141 eq smtp
access-list outside-int extended permit tcp any host 122.160.122.141 eq domain
access-list outside-int extended permit tcp any host 122.160.122.141 eq ftp-data
access-list outside-int extended permit tcp any host 122.160.122.142 eq imap4
access-list outside-int extended permit tcp any host 122.160.122.142 eq https
access-list outside-int extended permit tcp any host 122.160.122.142 eq www
access-list outside-int extended permit tcp any host 122.160.122.142 eq pop3
access-list outside-int extended permit tcp any host 122.160.122.142 eq smtp
access-list outside-int extended permit tcp any host 122.160.122.142 eq 993
access-list outside-int extended permit tcp any host 122.160.122.142 eq 995
access-list outside-int extended permit udp any host 122.160.122.142 eq domain
access-list outside-int extended permit tcp any host 122.160.122.142 eq domain
access-list outside-int extended permit udp any host 122.160.122.141 eq domain
access-list outside-int extended permit tcp any host 122.160.122.140 eq www
access-list outside-int extended permit tcp any host 122.160.122.140 eq smtp
access-list outside-int extended permit tcp any host 122.160.122.140 eq domain
access-list outside-int extended permit udp any host 122.160.122.140 eq domain
access-list outside-int extended permit tcp any host 122.160.122.140 eq https
access-list dmz-int extended permit tcp any host 172.16.0.63 eq www
access-list dmz-int extended permit tcp any host 172.16.0.63 eq smtp
access-list dmz-int extended permit tcp any host 172.16.0.63 eq https
access-list dmz-int extended permit tcp any host 172.16.0.63 eq domain
access-list dmz-int extended permit tcp any host 172.16.0.63 eq pop3
access-list dmz-int extended permit tcp any host 172.16.0.63 eq imap4
access-list dmz-int extended permit tcp any host 172.16.0.64 eq www
access-list dmz-int extended permit tcp any host 172.16.0.64 eq smtp
access-list dmz-int extended permit tcp any host 172.16.0.64 eq domain
access-list dmz-int extended permit tcp any host 172.16.0.64 eq ftp-data
access-list dmz-int extended permit tcp any host 172.16.0.63 eq ftp-data
access-list dmz-int extended permit udp any host 172.16.0.63 eq domain
access-list dmz-int extended permit udp any host 172.16.0.64 eq domain
access-list dmz-int extended permit tcp any host 172.16.0.62 eq www
access-list dmz-int extended permit tcp any host 172.16.0.62 eq smtp
access-list dmz-int extended permit tcp any host 172.16.0.62 eq https
access-list dmz-int extended permit tcp any host 172.16.0.62 eq domain
access-list dmz-int extended permit udp any host 172.16.0.62 eq domain
access-list block_database_internet extended deny ip host 192.168.10.5 any
access-list block_database_internet extended permit ip any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (DMZ) 1 172.16.0.0 255.255.0.0
static (DMZ,outside) 122.160.122.141 172.16.0.64 netmask 255.255.255.255 dns
static (inside,DMZ) 192.168.10.0 192.168.10.0 netmask 255.255.255.0
static (inside,DMZ) 172.18.0.65 192.168.10.5 netmask 255.255.255.255
static (DMZ,outside) 122.160.122.142 172.16.0.63 netmask 255.255.255.255 dns
static (DMZ,outside) 122.160.122.140 172.16.0.62 netmask 255.255.255.255 dns
static (inside,DMZ) 172.18.0.62 192.168.10.209 netmask 255.255.255.255
access-group outside-int in interface outside
access-group block_database_internet in interface inside
access-group dmztooutside in interface DMZ
route outside 0.0.0.0 0.0.0.0 122.180.48.53 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username admin password <removed> encrypted
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect esmtp
!
service-policy global_policy global
Cryptochecksum:9fa31ff1c0b8f20d07bf965f82f7c1c4
: end
ciscoasa#
cisco-asa
edited May 23 '11 at 16:04
Shane Madden♦
104k9145220
asked May 23 '11 at 6:59
suvodip chaudhurisuvodip chaudhuri
11
bumped to the homepage by Community♦ 6 hours ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
Which device are you trying to configure FTP for?
– Shane Madden♦
May 23 '11 at 16:05
add a comment |
0
0
0
Trying to configure FTP in a Cisco ASA 5510. Below is the configuration. How do I configure FTP on the ASA?
ASA Version 7.0(8)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password <removed> encrypted
passwd <removed> encrypted
names
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 122.180.48.54 255.255.255.252
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.10.254 255.255.255.0
!
interface Ethernet0/2
nameif DMZ
security-level 50
ip address 172.16.0.254 255.255.0.0
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
access-list dmztooutside extended permit tcp host 172.16.0.65 host 172.18.0.65
access-list dmztooutside extended permit ip 172.16.0.0 255.255.0.0 any
access-list dmztooutside extended permit tcp host 172.16.0.62 host 172.18.0.62
access-list outside-int extended permit tcp any host 122.160.122.141 eq www
access-list outside-int extended permit tcp any host 122.160.122.141 eq smtp
access-list outside-int extended permit tcp any host 122.160.122.141 eq domain
access-list outside-int extended permit tcp any host 122.160.122.141 eq ftp-data
access-list outside-int extended permit tcp any host 122.160.122.142 eq imap4
access-list outside-int extended permit tcp any host 122.160.122.142 eq https
access-list outside-int extended permit tcp any host 122.160.122.142 eq www
access-list outside-int extended permit tcp any host 122.160.122.142 eq pop3
access-list outside-int extended permit tcp any host 122.160.122.142 eq smtp
access-list outside-int extended permit tcp any host 122.160.122.142 eq 993
access-list outside-int extended permit tcp any host 122.160.122.142 eq 995
access-list outside-int extended permit udp any host 122.160.122.142 eq domain
access-list outside-int extended permit tcp any host 122.160.122.142 eq domain
access-list outside-int extended permit udp any host 122.160.122.141 eq domain
access-list outside-int extended permit tcp any host 122.160.122.140 eq www
access-list outside-int extended permit tcp any host 122.160.122.140 eq smtp
access-list outside-int extended permit tcp any host 122.160.122.140 eq domain
access-list outside-int extended permit udp any host 122.160.122.140 eq domain
access-list outside-int extended permit tcp any host 122.160.122.140 eq https
access-list dmz-int extended permit tcp any host 172.16.0.63 eq www
access-list dmz-int extended permit tcp any host 172.16.0.63 eq smtp
access-list dmz-int extended permit tcp any host 172.16.0.63 eq https
access-list dmz-int extended permit tcp any host 172.16.0.63 eq domain
access-list dmz-int extended permit tcp any host 172.16.0.63 eq pop3
access-list dmz-int extended permit tcp any host 172.16.0.63 eq imap4
access-list dmz-int extended permit tcp any host 172.16.0.64 eq www
access-list dmz-int extended permit tcp any host 172.16.0.64 eq smtp
access-list dmz-int extended permit tcp any host 172.16.0.64 eq domain
access-list dmz-int extended permit tcp any host 172.16.0.64 eq ftp-data
access-list dmz-int extended permit tcp any host 172.16.0.63 eq ftp-data
access-list dmz-int extended permit udp any host 172.16.0.63 eq domain
access-list dmz-int extended permit udp any host 172.16.0.64 eq domain
access-list dmz-int extended permit tcp any host 172.16.0.62 eq www
access-list dmz-int extended permit tcp any host 172.16.0.62 eq smtp
access-list dmz-int extended permit tcp any host 172.16.0.62 eq https
access-list dmz-int extended permit tcp any host 172.16.0.62 eq domain
access-list dmz-int extended permit udp any host 172.16.0.62 eq domain
access-list block_database_internet extended deny ip host 192.168.10.5 any
access-list block_database_internet extended permit ip any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (DMZ) 1 172.16.0.0 255.255.0.0
static (DMZ,outside) 122.160.122.141 172.16.0.64 netmask 255.255.255.255 dns
static (inside,DMZ) 192.168.10.0 192.168.10.0 netmask 255.255.255.0
static (inside,DMZ) 172.18.0.65 192.168.10.5 netmask 255.255.255.255
static (DMZ,outside) 122.160.122.142 172.16.0.63 netmask 255.255.255.255 dns
static (DMZ,outside) 122.160.122.140 172.16.0.62 netmask 255.255.255.255 dns
static (inside,DMZ) 172.18.0.62 192.168.10.209 netmask 255.255.255.255
access-group outside-int in interface outside
access-group block_database_internet in interface inside
access-group dmztooutside in interface DMZ
route outside 0.0.0.0 0.0.0.0 122.180.48.53 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username admin password <removed> encrypted
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect esmtp
!
service-policy global_policy global
Cryptochecksum:9fa31ff1c0b8f20d07bf965f82f7c1c4
: end
ciscoasa#
cisco-asa
edited May 23 '11 at 16:04
Shane Madden♦
104k9145220
asked May 23 '11 at 6:59
suvodip chaudhurisuvodip chaudhuri
11
Trying to configure FTP in a Cisco ASA 5510. Below is the configuration. How do I configure FTP on the ASA?
ASA Version 7.0(8)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password <removed> encrypted
passwd <removed> encrypted
names
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 122.180.48.54 255.255.255.252
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.10.254 255.255.255.0
!
interface Ethernet0/2
nameif DMZ
security-level 50
ip address 172.16.0.254 255.255.0.0
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
access-list dmztooutside extended permit tcp host 172.16.0.65 host 172.18.0.65
access-list dmztooutside extended permit ip 172.16.0.0 255.255.0.0 any
access-list dmztooutside extended permit tcp host 172.16.0.62 host 172.18.0.62
access-list outside-int extended permit tcp any host 122.160.122.141 eq www
access-list outside-int extended permit tcp any host 122.160.122.141 eq smtp
access-list outside-int extended permit tcp any host 122.160.122.141 eq domain
access-list outside-int extended permit tcp any host 122.160.122.141 eq ftp-data
access-list outside-int extended permit tcp any host 122.160.122.142 eq imap4
access-list outside-int extended permit tcp any host 122.160.122.142 eq https
access-list outside-int extended permit tcp any host 122.160.122.142 eq www
access-list outside-int extended permit tcp any host 122.160.122.142 eq pop3
access-list outside-int extended permit tcp any host 122.160.122.142 eq smtp
access-list outside-int extended permit tcp any host 122.160.122.142 eq 993
access-list outside-int extended permit tcp any host 122.160.122.142 eq 995
access-list outside-int extended permit udp any host 122.160.122.142 eq domain
access-list outside-int extended permit tcp any host 122.160.122.142 eq domain
access-list outside-int extended permit udp any host 122.160.122.141 eq domain
access-list outside-int extended permit tcp any host 122.160.122.140 eq www
access-list outside-int extended permit tcp any host 122.160.122.140 eq smtp
access-list outside-int extended permit tcp any host 122.160.122.140 eq domain
access-list outside-int extended permit udp any host 122.160.122.140 eq domain
access-list outside-int extended permit tcp any host 122.160.122.140 eq https
access-list dmz-int extended permit tcp any host 172.16.0.63 eq www
access-list dmz-int extended permit tcp any host 172.16.0.63 eq smtp
access-list dmz-int extended permit tcp any host 172.16.0.63 eq https
access-list dmz-int extended permit tcp any host 172.16.0.63 eq domain
access-list dmz-int extended permit tcp any host 172.16.0.63 eq pop3
access-list dmz-int extended permit tcp any host 172.16.0.63 eq imap4
access-list dmz-int extended permit tcp any host 172.16.0.64 eq www
access-list dmz-int extended permit tcp any host 172.16.0.64 eq smtp
access-list dmz-int extended permit tcp any host 172.16.0.64 eq domain
access-list dmz-int extended permit tcp any host 172.16.0.64 eq ftp-data
access-list dmz-int extended permit tcp any host 172.16.0.63 eq ftp-data
access-list dmz-int extended permit udp any host 172.16.0.63 eq domain
access-list dmz-int extended permit udp any host 172.16.0.64 eq domain
access-list dmz-int extended permit tcp any host 172.16.0.62 eq www
access-list dmz-int extended permit tcp any host 172.16.0.62 eq smtp
access-list dmz-int extended permit tcp any host 172.16.0.62 eq https
access-list dmz-int extended permit tcp any host 172.16.0.62 eq domain
access-list dmz-int extended permit udp any host 172.16.0.62 eq domain
access-list block_database_internet extended deny ip host 192.168.10.5 any
access-list block_database_internet extended permit ip any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (DMZ) 1 172.16.0.0 255.255.0.0
static (DMZ,outside) 122.160.122.141 172.16.0.64 netmask 255.255.255.255 dns
static (inside,DMZ) 192.168.10.0 192.168.10.0 netmask 255.255.255.0
static (inside,DMZ) 172.18.0.65 192.168.10.5 netmask 255.255.255.255
static (DMZ,outside) 122.160.122.142 172.16.0.63 netmask 255.255.255.255 dns
static (DMZ,outside) 122.160.122.140 172.16.0.62 netmask 255.255.255.255 dns
static (inside,DMZ) 172.18.0.62 192.168.10.209 netmask 255.255.255.255
access-group outside-int in interface outside
access-group block_database_internet in interface inside
access-group dmztooutside in interface DMZ
route outside 0.0.0.0 0.0.0.0 122.180.48.53 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username admin password <removed> encrypted
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect esmtp
!
service-policy global_policy global
Cryptochecksum:9fa31ff1c0b8f20d07bf965f82f7c1c4
: end
ciscoasa#
cisco-asa
cisco-asa
edited May 23 '11 at 16:04
Shane Madden♦
104k9145220
asked May 23 '11 at 6:59
suvodip chaudhurisuvodip chaudhuri
11
edited May 23 '11 at 16:04
Shane Madden♦
104k9145220
asked May 23 '11 at 6:59
suvodip chaudhurisuvodip chaudhuri
11
edited May 23 '11 at 16:04
Shane Madden♦
104k9145220
edited May 23 '11 at 16:04
Shane Madden♦
104k9145220
edited May 23 '11 at 16:04
Shane Madden♦
104k9145220
104k9145220
asked May 23 '11 at 6:59
suvodip chaudhurisuvodip chaudhuri
11
asked May 23 '11 at 6:59
suvodip chaudhurisuvodip chaudhuri
11
asked May 23 '11 at 6:59
suvodip chaudhurisuvodip chaudhuri
11
11
bumped to the homepage by Community♦ 6 hours ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 6 hours ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
Which device are you trying to configure FTP for?
– Shane Madden♦
May 23 '11 at 16:05
add a comment |
Which device are you trying to configure FTP for?
– Shane Madden♦
May 23 '11 at 16:05
Which device are you trying to configure FTP for?
– Shane Madden♦
May 23 '11 at 16:05
Which device are you trying to configure FTP for?
– Shane Madden♦
May 23 '11 at 16:05
add a comment |
1 Answer
1
active
oldest
votes
0
An ASA is a firewall, you don't generally configure FTP "in it".
answered Oct 7 '11 at 17:12
AaronAaron
2,96011834
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f272621%2ftrying-to-configure-ftp-in-a-cisco-asa-5510-bellow-is-the-configuration-how-do%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
0
An ASA is a firewall, you don't generally configure FTP "in it".
answered Oct 7 '11 at 17:12
AaronAaron
2,96011834
add a comment |
0
An ASA is a firewall, you don't generally configure FTP "in it".
answered Oct 7 '11 at 17:12
AaronAaron
2,96011834
add a comment |
0
0
0
An ASA is a firewall, you don't generally configure FTP "in it".
answered Oct 7 '11 at 17:12
AaronAaron
2,96011834
An ASA is a firewall, you don't generally configure FTP "in it".
answered Oct 7 '11 at 17:12
AaronAaron
2,96011834
answered Oct 7 '11 at 17:12
AaronAaron
2,96011834
answered Oct 7 '11 at 17:12
AaronAaron
2,96011834
answered Oct 7 '11 at 17:12
AaronAaron
2,96011834
2,96011834
add a comment |
add a comment |
draft saved
draft discarded
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f272621%2ftrying-to-configure-ftp-in-a-cisco-asa-5510-bellow-is-the-configuration-how-do%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Which device are you trying to configure FTP for?
– Shane Madden♦
May 23 '11 at 16:05