From: KEN on 19 Aug 2008 18:49

Below is the config for an ASA 5505. SMTP incoming and all traffic outgoing are good. I am trying to set up FTP NAT'ed to a server and keep getting timeout errors or connection issues. Please provide some advice for setting up simple incoming FTP access and a NAT. The FTP service is running and works from behind the firewall.

asdm image disk0:/asdm-521.bin
no asdm history enable
: Saved
:
ASA Version 7.2(1)
!
hostname GCSasa5510-01
domain-name Geotech.com
enable password zsfe2WkOlNvTA7j7 encrypted
names
name 192.168.101.20 GCSSBSDEN-01
name 192.168.101.22 Geotech2
name 192.168.101.23 Geotech3
name 65.102.242.109 GGT
name 64.81.98.56 GGT2
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.101.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 66.224.240.163 255.255.255.248
!
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 no ip address
!
interface Ethernet0/0
 switchport access vlan 2
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/2
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/4
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/5
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/6
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/7
 no nameif
 no security-level
 no ip address
!
passwd zWldOacmFw0cB/GA encrypted
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns server-group DefaultDNS
 domain-name Geotech.com
object-group service test tcp
 port-object range 1 65000
access-list outside_access_in extended permit tcp any host 66.224.240.165 eq ftp
access-list outside_access_in extended permit tcp any host 66.224.240.162 eq https
access-list outside_access_in extended permit tcp any host 66.224.240.162 eq 4125
access-list outside_access_in extended permit tcp any host 66.224.240.162 eq 3389
access-list outside_access_in extended permit tcp any host Geotech2 eq 3389
access-list outside_access_in extended permit tcp any host Geotech3 eq 3389
access-list outside_access_in extended permit tcp any host 66.224.240.162 eq pptp
access-list outside_access_in extended permit tcp any host 66.224.240.162 eq smtp
access-list outside_access_in extended permit tcp any eq www host 66.224.240.165 eq www
access-list outside_access_in extended permit icmp any any
access-list inside_access_out remark Allow all outbound
access-list inside_access_out extended permit ip any any
access-list inside_access_out extended permit tcp any object-group test any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
asdm image disk0:/asdm-521.bin
no asdm history enable
arp timeout 14400
nat-control
global (inside) 1 192.168.101.106 netmask 255.255.255.0
global (outside) 10 interface
nat (inside) 10 192.168.101.0 255.255.255.0
static (inside,outside) 66.224.240.164 Geotech2 netmask 255.255.255.255
static (inside,outside) 66.224.240.165 Geotech3 netmask 255.255.255.255
static (inside,outside) 66.224.240.162 GCSSBSDEN-01 netmask 255.255.255.255
access-group inside_access_out in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 66.224.240.161 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.155.0 255.255.255.0 inside
http 192.168.101.0 255.255.255.0 inside
http GGT 255.255.255.255 outside
http GGT2 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto isakmp nat-traversal 20
telnet 192.168.101.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.101.0 255.255.255.0 inside
ssh GGT 255.255.255.255 outside
ssh GGT2 255.255.255.255 outside
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect pptp
  inspect http
!
service-policy global_policy global
ntp server 199.240.130.1 source outside
ntp server GCSSBSDEN-01 source inside prefer
ntp server 128.194.254.9 source outside
ntp server 63.247.194.250 source outside
ntp server 198.49.126.195 source outside
prompt hostname context
Cryptochecksum:a611c7343d07c40430542feee7ea6bc1
: end
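
Added example, not part of the original post: a small Python audit that cross-references the outside_access_in permits with the static NAT entries in the config above, to show which inside host each inbound rule actually reaches. The function name audit, the status labels and the parsing are this example's own; it only handles the "permit tcp any host X eq P" form and assumes pre-8.3 ASA behaviour, where an ACL applied inbound on the outside interface is matched against the mapped (public) address.

```python
import re

# Excerpt copied from the posted config: names, outside ACL entries, static NAT.
CONFIG = """\
name 192.168.101.20 GCSSBSDEN-01
name 192.168.101.22 Geotech2
name 192.168.101.23 Geotech3
access-list outside_access_in extended permit tcp any host 66.224.240.165 eq ftp
access-list outside_access_in extended permit tcp any host 66.224.240.162 eq smtp
access-list outside_access_in extended permit tcp any host 66.224.240.162 eq 3389
access-list outside_access_in extended permit tcp any host Geotech2 eq 3389
access-list outside_access_in extended permit tcp any host Geotech3 eq 3389
static (inside,outside) 66.224.240.164 Geotech2 netmask 255.255.255.255
static (inside,outside) 66.224.240.165 Geotech3 netmask 255.255.255.255
static (inside,outside) 66.224.240.162 GCSSBSDEN-01 netmask 255.255.255.255
"""

PERMIT = re.compile(r"^access-list (\S+) extended permit tcp any host (\S+) eq (\S+)$")

def audit(config, acl="outside_access_in"):
    """Return (dest_as_written, port, inside_ip, status) for each inbound permit."""
    names, statics, permits = {}, {}, []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[0] == "name":
            names[tok[2]] = tok[1]              # name -> IP address
        elif len(tok) >= 4 and tok[0] == "static":
            statics[tok[2]] = tok[3]            # mapped address -> real host
        else:
            m = PERMIT.match(line.strip())
            if m and m.group(1) == acl:
                permits.append((m.group(2), m.group(3)))
    resolve = lambda host: names.get(host, host)
    mapped_to_real = {resolve(k): resolve(v) for k, v in statics.items()}
    real_ips = set(mapped_to_real.values())
    rows = []
    for dest, port in permits:
        ip = resolve(dest)
        if ip in mapped_to_real:                # rule names a public address with a static
            rows.append((dest, port, mapped_to_real[ip], "mapped"))
        elif ip in real_ips:                    # rule names the inside address instead
            rows.append((dest, port, ip, "real-address"))
        else:                                   # nothing translates this destination
            rows.append((dest, port, None, "no-static"))
    return rows

if __name__ == "__main__":
    for row in audit(CONFIG):
        print(row)
```

Rows marked real-address are permits written against an inside address, and the ftp row shows which inside host the 66.224.240.165 rule lands on, which is worth comparing with the machine that actually runs the FTP service.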