So this is my configuration for an ASA 5505.
I set up VPN, SMTP, and WWW.
VPN and SMTP work now I need the FTP access to work. Its a pretty simple config just need FTP incoming. I really am having a hard time figuring it out.
Any ideas:
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.101.1 255.255.255.0
ospf cost 10
!
interface Vlan2
nameif outside
security-level 0
ip address 66.***.***.***255.255.255.248
ospf cost 10
!
interface Vlan3
no forward interface Vlan1
nameif dmz
security-level 50
no ip address
ospf cost 10
!
passwd ********** encrypted
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns server-group DefaultDNS
domain-name *******.com
object-group service test tcp
port-object range 1 65000
access-list outside_access_in extended permit tcp any host 66.***.***.*** eq https
access-list outside_access_in remark Allow website access
access-list outside_access_in extended permit tcp any host 66.***.***.*** eq www
access-list outside_access_in extended permit tcp any host 66.***.***.*** eq 4125
access-list outside_access_in extended permit tcp any host 66.***.***.*** eq 3389
access-list outside_access_in extended permit tcp any host **** eq 3389
access-list outside_access_in extended permit tcp any host 66.***.***.*** eq pptp
access-list outside_access_in extended permit tcp any host **** eq 3389
access-list outside_access_in extended permit tcp any host 66.***.***.*** eq smtp
access-list outside_access_in extended permit ip any host 66.244.240.165
access-list outside_access_in extended permit tcp any host 66.244.240.165 eq ftp
access-list outside_access_in extended permit tcp any host 66.244.240.165 eq ftp-data
access-list outside_access_in extended permit icmp any any
access-list inside_access_out remark Allow all outbound
access-list inside_access_out extended permit ip any any
access-list inside_access_out extended permit tcp any object-group test any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
asdm image disk0:/asdm-521.bin
no asdm history enable
arp timeout 14400
global (inside) 1 ServerName3 netmask 255.255.255.0
global (outside) 10 interface
nat (inside) 10 192.168.101.0 255.255.255.0
static (inside,outside) 66.***.***.*** ServerName netmask 255.255.255.255
static (inside,outside) 66.***.***.*** ServerName1 netmask 255.255.255.255
static (inside,outside) 66.224.240.165 ServerName3 netmask 255.255.255.255
access-group inside_access_out in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 66.224.240.161 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.155.0 255.255.255.0 inside
http 192.168.101.0 255.255.255.0 inside
http GGT 255.255.255.255 outside
http GGT2 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto isakmp nat-traversal 20
telnet 192.168.101.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.101.0 255.255.255.0 inside
ssh GGT 255.255.255.255 outside
ssh GGT2 255.255.255.255 outside
ssh timeout 5
Michael Smalley
created this social network on Ning. 