Announcement

Collapse
No announcement yet.

New Vlan can not FTP to dmz

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • New Vlan can not FTP to dmz

    I set up a new vlan and have everything working except that it can not ftp to one of my dmz's.

    I have an ASA 5510 and have looked through the config to see any sort of entry that allows my default vlan to ftp to the dmz and can't find an entry that "allows" this. But you can from the default vlan.

    Is this a routing issue and not a firewall issue?

    I tried:
    access-list dmz-10_access_in_V1 extended permit tcp any eq ftp any eq ftp

    and it doesn't work.
    Thank you,

    Marc

  • #2
    Re: New Vlan can not FTP to dmz

    So the source port won't be 21 aka FTP. This would work better:

    access-list dmz-10_access_in_V1 extended permit tcp any any eq ftp
    Thanks,
    Brian Desmond
    Microsoft MVP - Directory Services
    www.briandesmond.com

    Comment


    • #3
      Re: New Vlan can not FTP to dmz

      That didn't seem to work. I removed my rule and added that one.

      I am puzzled because the default vlan can do it no problem. Wouldn't there be some sort of entry allowing this? or is it implicit?
      Thank you,

      Marc

      Comment


      • #4
        Re: New Vlan can not FTP to dmz

        I found my problem....I was right looking for some entry that allowed this. Here is the line that made it work:

        access-list nonat extended permit ip 192.168.2.0 255.255.255.0 x.x.x.0 255.255.255.0

        Thank you,

        Marc

        Comment

        Working...
        X