Configure ASA 5515 to allow FTP server behind it.

We have one Cisco ASA5515 firewall. I configured ftp mode to passive, inspect ftp in service, used another public IP to do NAT with the FTP server, and also configured an ACL on the outside interface, but I failed to access the FTP server from the internet using that public IP address. There is no problem accessing the FTP server using its inside address on the LAN.
Any help on this is appreciated!

Thanks!
I ran packet tracer in ASDM; all is green.
Here is the configuration file:
ciscoasa# sh run
: Saved
ASA Version 9.1(1)
hostname ciscoasa
enable password qZTcCWWJxxdsdsxcxcxxr encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd qZTcxxcxcxcxxdcxJglvMyNxr encrypted
names
ip local pool VPNAddressPool 10.115.135.100-10.115.135.254 mask 255.255.255.0
interface GigabitEthernet0/0
description Outside Internet
nameif Outside
security-level 0
ip address xxx.xx.xxx.xxx 255.255.255.248
interface GigabitEthernet0/1
shutdown    
no nameif   
no security-level
no ip address
interface GigabitEthernet0/2
description MPLS Circuit
shutdown    
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown    
no nameif   
no security-level
no ip address
interface GigabitEthernet0/4
description Inside LAN
nameif LAN  
security-level 100
ip address 172.28.144.11 255.255.255.0
interface GigabitEthernet0/5
shutdown    
no nameif   
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
boot system disk0:/asa911-smp-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup Outside
dns server-group DefaultDNS
name-server xxx.xxx.xx.xxx
name-server xxx.xxx.xx.xxx
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network VPNNetwork
subnet 10.115.135.0 255.255.255.0
object network 172.28.144.11
host 172.28.144.11
object network NETWORK_OBJ_10.115.135.0_24
subnet 10.115.135.0 255.255.255.0
object network NETWORK_OBJ_172.28.144.0_24
subnet 172.28.144.0 255.255.255.0
object network NETWORK_OBJ_10.100.1.0_30
subnet 10.100.1.0 255.255.255.252
object network NETWORK_OBJ_172.28.76.0_24
subnet 172.28.76.0 255.255.255.0
object network FTP_Outside
host xxx.xx.xxx.xxx
object network FTP_Inside
host 172.28.144.6
object network NAT_FTP
host xxx.xx.xxx.xxx
description FTP
object network FTP-Data
host xxx.xx.xxx.xxx
description FTP-Data
access-list NMA_VPNSplitTunnelAcl extended permit ip object VPNNetwork 172.28.144.0 255.255.255.0
access-list NMA_VPNSplitTunnelAcl extended permit ip 172.28.144.0 255.255.255.0 object VPNNetwork
access-list Outside_access_in extended permit tcp any any eq ssh
access-list Outside_access_in extended permit ip any object NETWORK_OBJ_172.28.144.0_24
access-list NMA_splitTunnelAcl standard permit 172.28.144.0 255.255.255.0
access-list LAN_access_in extended permit ip any any
access-list acl_out extended permit tcp any host xxx.xx.xxx.xxx eq ftp
access-list acl_out extended permit tcp any host xxx.xx.xxx.xxx eq ftp-data
pager lines 24
logging enable
logging asdm informational
mtu management 1500
mtu LAN 1500 
mtu MPLS 1500
mtu Outside 1500 
no failover  
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-712.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (Outside,LAN) source static VPNNetwork VPNNetwork destination static NETWORK_OBJ_172.28.144.0_24 NETWORK_OBJ_172.28.144.0_24 no-proxy-arp route-lookup
nat (LAN,Outside) source dynamic any interface
object network NAT_FTP
nat (Outside,LAN) static FTP_Inside service tcp ftp ftp
object network FTP-Data
nat (Outside,LAN) static FTP_Inside service tcp ftp-data ftp-data
access-group LAN_access_in in interface LAN
access-group acl_out in interface Outside
route Outside 0.0.0.0 0.0.0.0 xxx.xx.xxx.xxx 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 172.28.144.0 255.255.255.0 LAN
http 172.28.144.6 255.255.255.255 LAN
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-DES-MD5
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Outside_map interface Outside
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca trustpool policy
crypto ca certificate chain _SmartCallHome_ServerCA
crypto ikev1 enable Outside
crypto ikev1 policy 1
authentication pre-share
encryption aes
hash sha    
group 2     
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha    
group 2     
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha    
group 2     
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha    
group 2     
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha    
group 2     
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha    
group 2     
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha    
group 2     
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha    
group 2     
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha    
group 2     
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha    
group 2     
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha    
group 2     
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha    
group 2     
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha    
group 2     
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha    
group 2     
lifetime 86400
telnet 0.0.0.0 0.0.0.0 LAN
telnet 172.28.144.0 255.255.255.0 LAN
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption 3des-sha1 des-sha1
group-policy NMA internal
group-policy NMA attributes
dns-server value 172.28.144.2 172.28.76.8
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value NMA_VPNSplitTunnelAcl
default-domain value test1.test2.com
vpn-group-policy NMA
service-type remote-access
tunnel-group NMA type remote-access
tunnel-group NMA general-attributes
address-pool VPNAddressPool
authorization-server-group LOCAL
default-group-policy NMA
tunnel-group NMA ipsec-attributes
ikev1 pre-shared-key xxxxcxxxx
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters  
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny 
  inspect sunrpc
  inspect xdmcp
  inspect sip 
  inspect netbios
  inspect tftp
  inspect ip-options
policy-map global_poliy
class inspection_default
  inspect icmp
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
Cryptochecksum:e603c4e7da420d445507ceb5bac213f9
: end

Similar Messages

  • How to configure sync with my local ftp server?

    I have used XMarks until now because it allowed me to synchronize my bookmarks with my local server. Now XMarks doesn't work anymore because it's no longer possible to synchronize the passwords.
    Any other alternative requires using an external server and I don't want to use an external server. My data must remain on my machine; it's absolutely excluded that I use an external unknown server for this.
    The only solution must be a free solution (a real free solution) and the firefox synchronization seems to me the best/only one.
    But I've not found how to configure it to use my own server.
    So how to do it, where are the options to the synchronizer to give my own ftp server or whatever other server it needs?

    iAS 6.0 sp4 officially does only support iPlanet Directory Server 5.0 sp1 and 4.13.
    For more details visit: http://docs.iplanet.com/docs/manuals/ias/60/sp4/ig/prep.htm#42084
    I guess, you can specify the directory server during the time of installation.
    Thanks,
    Rakesh.

  • How configure sending CDR reporting via ftp server

    Hi,
    I want to send the CDR reports automatically to the FTP billing server every 1 hour.
    I have added the billing server.
    I don't know how or when I can configure the automatic sending of the CDR report to this server.
    Thanks for your help

    You'll need a SFTP server instead of FTP.
    For instructions, please see here:
    http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/service/7_1_2/admin/sacdrm.html
    Thanks!
    Michael
    http://htluo.blogspot.com

  • Internal FTP server

    Have issue with internal 2003 FTP server behind BM;
    Secondary IP set on Public NIC and NAT it to the private IP of the 2003 server.
    Filters setup as per the TID2931861.
    FTP works internally for both IE and FTP client.
    None works from outside. Any idea?
    Will try taking down filter tomorrow morning and test if it works.(Production server)

    lchen ca1 wrote:
    > mysterious;1487294 Wrote:
    >> mysterious wrote:
    >>> lchen ca1 wrote:
    >>>> Took filter down and still didn't work.
    >>>> Checked NAT, NAT is setup correctly.
    >>>> Do I need ICMP filter setup in order to have FTP working?
    >>> it will not work in pasv mode behind nat. It has to work in port
    >> mode
    >>> tid10064656
    >>>
    >>>
    >>> Gonzalo
    >> forgot to add, instead nat use the ftp accelerator and you'll be fine
    >
    >
    > So you mean I have to take away the NAT settings and setup reverse FTP,
    > then pasv FTP will work?
    >
    > Questions:
    > 1. Pasv will not work in NAT configuration?
    No, it will not work. The server embeds the new IP address to establish the
    pasv connection in the data portion of the packet and it is not
    translated by NAT, so the client will try to connect to an internal IP.
    Port mode will work through NAT as it is the server that initializes the
    connections.
    > 2. Port mode means active FTP port 21 and 20 right?
    The main differences between pasv and port are:
    1. Who initializes the second connection
    2. The ports used in the communication
    In pasv mode, the client initializes the connection with the data sent by
    the server, while in port (active) mode, it is the server that does that.
    Take a look at this coolsolution to understand better the differences:
    Cool Solutions: Active versus Passive FTP
    If you need pasv connections, the easy thing is the FTP accelerator. You
    only need a secondary IP and two clicks of the mouse in nwadmn32 or iManager.
    Gonzalo

  • Settings and usage of external FTP Server in ECC 6.0

    Dear all,
    I work in ECC 6.0, and I want to configure and use an external FTP Server for upload, download and delete file from FTP Server.
    My questions are:
    1) Which are steps for configure an FTP connection?
    2) How can I read, delete and send a flat file to the FTP Server? Can you send a sample code?
    Thanks in advance for your help.
    Best Regards,
    Giulio

    Please check program RSFTP002  is a good example given by SAP .

  • IMac as Ftp Server

    Has anyone configured the iMac as an FTP server with Mac OS X 10.5.5?

    I guess those programs are intended for outgoing connections, not incoming connections?
    Well, anyways, I managed to solve the problem. Just summing up in case others meet the same problem:
    - Went to Apple Store and bought/installed "OS X Server".
    - Followed the install wizard for the OS X Server.
    - Under "FTP" in OS X Server, turned "On".
    - Under sys prefs/sharing; make sure "Sharing" is activated (which already had been done in my case).
    - Add folder, e.g. "Movies", and enable "read/write" for "everybody" (already done in my case).
    - Back to the OS X Server; changed share to "Movies".
    (you can change share options in OS X Server as well, the same way as under sys prefs.).
    - Now over to the Canon camcorder;
         - Use the IP address for the Mac as the FTP server. Port 21.
         - Set up username/password as for the Mac admin account (not sure if required though).
         - Target folder just set to "/" (files transferred directly to "Movies").
    With this setup, both AVCHD/MP4 movies were transferred easily to my mac.

  • Port Mapping Filezilla FTP Server

    I just got a new AirPort Extreme Base Station (802.11n). I must say, I'm pleased for the most part. I'm having an issue with remotely connecting to my FTP server inside the network though.
    Setup:
    The whole thing is connected as follows:
    Cable Modem - AEBS - Wired Windows PC
    On this windows PC I run an FTP & HTTP server. Both are functioning properly as they always have, both on the localhost and within the network.
    The HTTP protocol is working fine. I have port 80 mapped to my PC's static IP of 10.0.1.100. I can browse my hosted site from a remote PC no problem.
    Yet, from a remote PC I am unable to fully establish FTP communication. I have port 21 mapped to my PC's static IP as well. Communication seems to be happening; the remote PC gets prompted for their username and password. Shortly after (within a timeout time), the FTP server replies that it cannot open the data channel.
    Data:
    Here is the Remote PC's log of the FTP session:
    Status: Connecting to $server.com ...
    Status: Connected with $server.com. Waiting for welcome message...
    Response: 220 $greeting
    Command: USER $username
    Response: 331 Password required for dave
    Command: PASS $pass**
    Response: 230 Logged on
    Command: SYST
    Response: 215 UNIX emulated by FileZilla
    Command: FEAT
    Response: 211-Features:
    Response: MDTM
    Response: REST STREAM
    Response: SIZE
    Response: MLST type;size*;modify;
    Response: MLSD
    Response: UTF8
    Response: CLNT
    Response: 211 End
    Status: Connected
    Status: Retrieving directory listing...
    Command: PWD
    Response: 257 "/" is current directory.
    Command: TYPE A
    Response: 200 Type set to A
    Command: PASV
    Response: 227 Entering Passive Mode (10,0,1,100,16,141)
    Command: LIST
    Response: 425 Can't open data connection.
    Error: Could not retrieve directory listing
    Solutions Attempts:
    I have tried mapping the FTP data port (20) to the server's static IP to no avail. I even went as far as setting the server as the default host (DMZ); this didn't work either.
    Am I looking at a fresh firmware bug here or am I missing anything? Thanks for your help.
    P.S. No changes have been made on the server and every other no name router I've used has successfully port mapped the server; it's definitely the new hardware.
    Windows PC Windows XP Pro

    1. Try to connect to your FTP server in active mode,
    it's a setting in your FTP-Client
    Most all FTP clients are defaulted to passive mode, and I want to connect without asking all users to change their settings.
    Previous routers did not require anything like this, why would this new base station obfuscate the setup?
    2. Don't use the same AirportXtrem internet
    connection (for testing your FTP-Service) where is
    your FTP-Server behind. I don't know why, when I try
    to establish a connection I could not go out and come
    back through my AXtrem on the same way.
    Try it with a Modem, UMTS or with another internet
    connection.
    I don't know exactly what you're talking about. Please explain better or with more details.
    Windows PC Windows XP Pro
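
The failure these two threads describe (a server behind NAT answering PASV with its inside address) can be confirmed from the client log alone. The following is an added example, not code from any poster: it decodes each 227 reply in a FileZilla-style log, compares the advertised host with the address the control connection was opened to, and notes whether the data connection then failed. The control address 203.0.113.10 and the second sample log are constructed; the first sample is the PASV/LIST excerpt from the post above.

```python
import ipaddress
import re

# RFC 1918, loopback and link-local ranges: a client on the internet
# cannot open a data connection to any of these.
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# 227 reply: (h1,h2,h3,h4,p1,p2); the data port is p1*256 + p2.
PASV_RE = re.compile(
    r"^227\b.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# 229 reply (EPSV): (<d><d><d>port<d>); no address is carried at all.
EPSV_RE = re.compile(r"^229\b.*?\((.)\1\1(\d{1,5})\1\)")


def decode_pasv(reply):
    """Return (IPv4Address, port) from a 227 reply, or None if not a 227."""
    m = PASV_RE.match(reply)
    if not m:
        return None
    fields = [int(g) for g in m.groups()]
    if max(fields) > 255:
        raise ValueError("field out of range in 227 reply: %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    return host, fields[4] * 256 + fields[5]


def classify(host, control_peer):
    """Compare the advertised data host with the control-connection peer."""
    if host == control_peer:
        return "ok"
    if any(host in net for net in UNROUTABLE):
        return "private-address-leak"   # 227 payload was not rewritten
    return "address-mismatch"           # routable, but not the host we dialled


def analyze_session(log_text, control_peer):
    """Scan 'Response:' lines; one finding per passive-mode reply."""
    peer = ipaddress.IPv4Address(control_peer)
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith("Response:"):
            continue
        reply = line[len("Response:"):].strip()
        pasv = decode_pasv(reply)
        epsv = EPSV_RE.match(reply)
        if pasv:
            host, port = pasv
            findings.append({"host": str(host), "port": port,
                             "verdict": classify(host, peer),
                             "data_failed": False})
        elif epsv:
            # EPSV reuses the control address, so NAT cannot break the host part.
            findings.append({"host": control_peer, "port": int(epsv.group(2)),
                             "verdict": "ok-epsv", "data_failed": False})
        elif findings and reply[:3] in ("425", "426"):
            findings[-1]["data_failed"] = True
    return findings


# Excerpt of the client log quoted in the post above.
PAGE_LOG = """\
Command: TYPE A
Response: 200 Type set to A
Command: PASV
Response: 227 Entering Passive Mode (10,0,1,100,16,141)
Command: LIST
Response: 425 Can't open data connection.
"""

# Constructed: the same exchange once the 227 payload carries the public address.
FIXED_LOG = """\
Command: PASV
Response: 227 Entering Passive Mode (203,0,113,10,195,80)
Command: LIST
Response: 150 Opening data channel
Response: 226 Transfer OK
"""

if __name__ == "__main__":
    for name, log in (("page log", PAGE_LOG), ("fixed log", FIXED_LOG)):
        for f in analyze_session(log, "203.0.113.10"):
            print(name, f)
```

A `private-address-leak` verdict followed by `data_failed` means the control channel is translated but the 227 payload is not, which points at the firewall's FTP inspection or the server's own passive-mode external address setting rather than at the port 21 mapping.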

  • I need help!!! Configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.

    I need help configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
    I have attempted to configure RDP access but it does not seem to be working for me. Could I please ask someone to help me modify my current configuration to allow this? Please do step by step as I could use all the help I could get.
    I need to allow the following IP addresses to have RDP access to my server:
    66.237.238.193-66.237.238.222
    69.195.249.177-69.195.249.190
    69.65.80.240-69.65.80.249
    My external WAN server info is - 99.89.69.333
    The internal IP address of my server is - 192.168.6.2
    The other server shows up as 99.89.69.334 but is working fine.
    I already added one server for static route and RDP, but when I try to put in the same commands it doesn't allow me to for this new one. Please take a look at my configuration file and give me the commands I need in order to put this through. Also please tell me if there are any bad/conflicting entries.
    THE FOLLOWING IS MY CONFIGURATION FILE
    Also I have modified IP information so that it's not the ACTUAL IP info for my server/network etc... lol for security reasons of course
    Also the bolded lines are the modifications I made but that aren't working.
    ASA Version 7.2(4)
    hostname ciscoasa
    domain-name default.domain.invalid
    enable password DowJbZ7jrm5Nkm5B encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.6.254 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 99.89.69.233 255.255.255.248
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    ftp mode passive
    dns server-group DefaultDNS
    domain-name default.domain.invalid
    object-group network EMRMC
    network-object 10.1.2.0 255.255.255.0
    network-object 192.168.10.0 255.255.255.0
    network-object 192.168.11.0 255.255.255.0
    network-object 172.16.0.0 255.255.0.0
    network-object 192.168.9.0 255.255.255.0
    object-group service RDP tcp
    description RDP
    port-object eq 3389
    object-group service GMED tcp
    description GMED
    port-object eq 3390
    object-group service MarsAccess tcp
    description MarsAccess
    port-object range pcanywhere-data 5632
    object-group service MarsFTP tcp
    description MarsFTP
    port-object range ftp-data ftp
    object-group service MarsSupportAppls tcp
    description MarsSupportAppls
    port-object eq 1972
    object-group service MarsUpdatePort tcp
    description MarsUpdatePort
    port-object eq 7835
    object-group service NM1503 tcp
    description NM1503
    port-object eq 1503
    object-group service NM1720 tcp
    description NM1720
    port-object eq h323
    object-group service NM1731 tcp
    description NM1731
    port-object eq 1731
    object-group service NM389 tcp
    description NM389
    port-object eq ldap
    object-group service NM522 tcp
    description NM522
    port-object eq 522
    object-group service SSL tcp
    description SSL
    port-object eq https
    object-group service rdp tcp
    port-object eq 3389
    access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
    access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
    access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
    access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
    access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
    access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
    access-list outside_access_in extended permit tcp any interface outside eq 3389
    access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
    access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
    access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
    access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-524.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
    static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    http server enable
    http 192.168.6.0 255.255.255.0 inside
    http 0.0.0.0 0.0.0.0 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set peer 68.156.148.5
    crypto map outside_map 1 set transform-set ESP-3DES-MD5
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash md5
    group 1
    lifetime 86400
    crypto isakmp policy 30
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    tunnel-group 68.156.148.5 type ipsec-l2l
    tunnel-group 68.156.148.5 ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
    : end
    ciscoasa(config-network)#

    Unclear what did not work.  In your original post you said some commands were added but don't work:
    static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
    and later you state you add another command that gets an error:
    static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
    You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
    The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface.  Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
    Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive?  Static PAT usually makes sense when you need to change the TCP port number.  In your example, you are not changing the TCP port 3389.

  • Help (pleeeease) with configuring FTP server connection

    HI...I am so frustrated. You have to understand that I am not completely stupid, but I just cannot understand the process which will allow me to connect to a **^&-**** FTP server!!!
    Here's the deal:
    Me, graphic designer, designing among other things, websites.
    Dreamweaver, the software program that I use to design websites.
    So, I design a site, and configure it to upload via FTP. I get the FTP hostname, username, password info from the intended Internet Service Provider, and load that info into the required fields in the Site Manager window. Everything is great until I try to connect to the server....it just won't do it! I get error messages that state flatly that I cannot connect to the remote server, for reasons that are as bland as "username and password information incorrect". I have called the ISP to determine if I am using the correct username, password blah blah blah, and everything checks out on their end. It seems that everyone else but me can connect to a bloody FTP server! Harrumph.
    So...what can I do? Is it that something in the System Preferences panel needs to be adjusted to allow me access to FTP? I have fiddled around a little in there, but don't change anything, because I don't know what TCP/IP, proxy settings, etc. MEANS!!! All I did was allow FTP access (duh).
    Another point of interest is permissions...somewhere along the way, during my long and convoluted journey with this problem, a message came up that mentioned that. Permissions. Don't know what that means either.
    Is there anyone out there that can help me?? I am so confused, and just need a little education. I would greatly appreciate any advice or information. Thanks! Janelle
    iMacG4   Mac OS X (10.4.7)  

    Hi Janelle: I assume the domain is georgeponzini.com
    1. http://georgeponzini.com/index.htm works so we know you have an index.htm page uploaded to the server but it contains no information at all, like you uploaded a completely blank page, no title, no code, nothing, nada...
    2. http://georgeponzini.com/index.html does not exist, you never uploaded a page so what we see is an error page, saying such a file does not exist.
    3. The link you have ftp-dom.earthlink.net/ is for uploading directly from a browser but I could not get it to work in Safari but does work in Firefox, which you can consider downloading and using.
    4. If you can upload from your Control Center at Earthlink.net, that's a no brainer, this is the option to take, you cannot make any errors doing it this way. But that we'll figure out next... It's ok you do not see a public_html folder, you are probably already in it when you log in. Were you given instructions to upload into the WEBDOCS/ folder? If so, you did that right.
    BTW - have you checked with Earthlink that Control Center will work on a Mac using Safari as a browser?
    5. Your index.htm page/file is NOT where you upload to, the index.htm IS the 'Home Page' or 'Index Page'. You're seeing a white page because it contains no information, but you must have uploaded a file/page named index.htm (see 1 above)
    6. If you have files/pages uploaded in the correct area, see if you can rename any file index.html - I am sure you can do this at the Control Center, if not do this on your computer and use 'save as' > index.html - upload this file/page and see if it displays
    Let me know what happens, Rick
    iMac G5 iSight 20" - 30G iPOD - HP Pav 15" WS and Toshiba Sat 17" WS   Mac OS X (10.4.7)   Canon 20D & A620

  • Configuring Solaris 8 FTP Server

    I am new to solaris 8. Can anyone help me on where to go or what file to edit to configure my ftp server. The main goals that I want to accomplish are to change the default ftp directory and to specify a login password. I would also like to know how to enable ftp upload.
    - Thank you

    Hi,
    If you must log into the ftp server as root for some reason you have to first edit the ftpusers file. This file lists all the users who can not use ftp. The file is found here /etc/ftpusers. If you remove the entry root from this file it will allow root to log into the ftp server.
    Hope This Helps.
    Regards,
    Andrew
    Sun Developer Technical Support

  • The FTP server configured for this site doesn't seem to match the URL you entered. Make sure that you use the Upload to FTP Host feature in Muse to publish the site directly to the final location and that you are logging on to In-Browser Editing with the

    When I tried to log in at inbrowserediting.adobe.com I see that:
    The FTP server configured for this site doesn't seem to match the URL you entered. Make sure that you use the Upload to FTP Host feature in Muse to publish the site directly to the final location and that you are logging on to In-Browser Editing with the same user.
    What does it mean? What is the problem?

    Hi,
    I have just created my first website using Muse and it's all been uploaded to my FTP server, but I can't access the in-browser editing, which was the whole reason why I re-did the website for my client using Muse.
    It's saying the following:
    "The FTP server configured for this site doesn't seem to match the URL you entered. Make sure that you use the Upload to FTP Host feature in Muse to publish the site directly to the final location and that you are logging on to In-Browser Editing with the same user."
    Yet I can access my website fine: "www.calmwood.com.au"
    My FTP server responds to either the IP address or the DNS address www.calmwood.com.au
    so I am not understanding how it thinks it's different when it's fully referenced.
    Any help would be appreciated.
    Thanks

  • Which comm. channel is configured with a certain ftp server?

    Hi,
    I would like to have a list of all comm. channels which are using a certain FTP server. How can I get this list?

    I don't think we have any shortest way to find it; only by checking manually can we differentiate. Otherwise, if your company is following proper naming standards, then they will create an individual business component for every FTP.
    Regards,
    Raj

  • How to connect to the internet with ASA 5515 X?

    Hi all:
    I just got my new ASA 5515 X firewall and I got stuck in the first steps.
    I can ping a public IP (8.8.8.8) from the device but I cannot ping it from my LAN.
    I know I am missing either NAT rules or Access rules or maybe both, but I need some help, please.
    Thank you.

    ciscoasa# sho run
    : Saved
    ASA Version 9.1(2)
    hostname ciscoasa
    enable password djMW8L3Na14L7q2L encrypted
    names
    interface GigabitEthernet0/0
     nameif OUTSIDE
     security-level 0
     ip address 10.9.251.2 255.255.255.0
    interface GigabitEthernet0/1
     nameif INSIDE
     security-level 100
     ip address 10.9.250.2 255.255.255.0
    interface GigabitEthernet0/2
     shutdown
     no nameif
     no security-level
     no ip address
    interface GigabitEthernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    interface GigabitEthernet0/4
     shutdown
     no nameif
     no security-level
     no ip address
    interface GigabitEthernet0/5
     shutdown
     no nameif
     no security-level
     no ip address
    interface Management0/0
     management-only
     nameif management
     security-level 100
     ip address 192.168.1.1 255.255.255.0
    ftp mode passive
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object network inside_net
     subnet 10.9.250.0 255.255.255.0
    pager lines 24
    logging asdm informational
    mtu OUTSIDE 1500
    mtu INSIDE 1500
    mtu management 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any INSIDE
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    object network inside_net
     nat (INSIDE,OUTSIDE) dynamic interface
    route OUTSIDE 0.0.0.0 0.0.0.0 10.9.251.1 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec security-association pmtu-aging infinite
    crypto ca trustpool policy
    telnet timeout 5
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcpd enable management
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    class-map inspection_default
     match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny  
      inspect sunrpc
      inspect xdmcp
      inspect sip  
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
    : end
    ciscoasa# packet-tracer input inside icmp 10.9.250.3 0 0 8.8.8.8 detailed
    Phase: 1
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   0.0.0.0         0.0.0.0         OUTSIDE
    Phase: 2
    Type: NAT
    Subtype:
    Result: ALLOW
    Config:
    object network inside_net
     nat (INSIDE,OUTSIDE) dynamic interface
    Additional Information:
     Forward Flow based lookup yields rule:
     in  id=0x7fff293db020, priority=6, domain=nat, deny=false
        hits=22235, user_data=0x7fff2a6a3810, cs_id=0x0, flags=0x0, protocol=0
        src ip/id=10.9.250.0, mask=255.255.255.0, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=INSIDE, output_ifc=OUTSIDE
    Phase: 3
    Type: NAT
    Subtype: per-session
    Result: ALLOW
    Config:
    Additional Information:
     Forward Flow based lookup yields rule:
     in  id=0x7fff29b804b0, priority=0, domain=nat-per-session, deny=true
        hits=26730, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=0
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=any, output_ifc=any
    Phase: 4
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
     Forward Flow based lookup yields rule:
     in  id=0x7fff2a633a90, priority=0, domain=inspect-ip-options, deny=true
        hits=25709, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=INSIDE, output_ifc=any
    Result:
    input-interface: INSIDE
    input-status: up
    input-line-status: up
    output-interface: OUTSIDE
    output-status: up
    output-line-status: up
    Action: drop
    Drop-reason: (nat-xlate-failed) NAT failed
    ciscoasa#

  • FTP Server: PASV / Illegal PORT Command Issues

    Hi,
    I'm hoping someone can shed some light on this.
    We have an iMac running 10.6.6 server with the FTP service running. Everything has worked fine for the last 6 months, including an office move (new IPs, etc) but suddenly in this last week, a lot of users (internal and external) are getting an "Illegal PORT Command" error when connecting.
    The iMac is behind an Airport firewall with ports 20 and 21 forwarded to the server.
    From what I've read the issue is a NAT related but I can figure out how to fix. The weird thing is that none of us here can think of any changes we've made on the server or Airport in the last week.
    I've tried a mismatch of rules in the ftpaccess config file in /Library/FTPServer/Configuration/:
    passive address external_ip 0.0.0.0/0
    pasv-allow all 10.0.1.1/24
    passive ports 10.0.1.1/24 54350 65535
    with no success.
    Debug from transmit when connecting:
    Transmit 4.1.5 (x86_64) Session Transcript [Version 10.6.6 (Build 10J567)] (11-02-24 2:10 PM)
    LibNcFTP 3.2.3 (July 23, 2009) compiled for UNIX
    220: server.private FTP server ready.
    Connected to domain_name
    Cmd: USER username
    331: Password required for username.
    Cmd: PASS xxxxxxxx
    230: User username logged in.
    Cmd: TYPE A
    200: Type set to A.
    Logged in to domain_name as username.
    Cmd: SYST
    215: UNIX Type: L8 Version: BSD-199506
    Cmd: FEAT
    211: Supported features:
    REST STREAM
    ADAT
    AUTH
    CCC
    CONF
    ENC
    MIC
    PBSZ
    PROT
    MDTM
    UTF8
    SIZE
    End
    Cmd: OPTS UTF8 ON
    200: UTF-8 encoding enabled
    Cmd: PWD
    257: "/" is current directory.
    Cmd: PASV
    425: Can't open passive connection: Can't assign requested address.
    Passive mode refused.
    Connection falling back to port (PORT) mode.
    Cmd: PORT 10,0,1,6,250,79
    500: Illegal PORT Command
    Cmd: PORT 10,0,1,6,250,80
    500: Illegal PORT Command
    Cmd: PORT 10,0,1,6,250,81
    500: Illegal PORT Command
    Cmd: PORT 10,0,1,6,250,82
    500: Illegal PORT Command
    Disconnecting from server…
    Cmd: QUIT
    221: You have transferred 0 bytes in 0 files.
    Total traffic for this session was 187 bytes in 0 transfers.
    Thank you for using the FTP service on server.private.
    Goodbye.
    Anyone know what I can try?
    Thanks.
    Message was edited by: s-chilly

    In terms of the Airport Extreme, is the Mac Mini Server currently set to the default host? If the Mac Mini Server is not currently set to the default host, this needs to be configured as such.
    To set up the Mac Mini Server as the default host on the Airport Extreme:
    1 Open AirPort Utility, select your wireless device, and then choose Manual Setup from the Base Station menu, or double-click the device icon to open its configuration in a separate window. Enter the password if necessary.
    2 Click the Internet button, and then click NAT.
    3 Select the “Enable Default Host at” checkbox if not already checked.
    4 Enter the same IP address of the Mac Mini Server.
    This works
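
The PASV and PORT exchanges from the transcript in this thread, decoded as an added example (not part of the original posts). The function names `decode_hostport` and `analyse` are hypothetical, and the sample input is a few lines copied from the transcript. The sketch also decodes a 227 passive reply, which goes slightly beyond the failure shown.

```python
import ipaddress
import re

# Constructed sample: commands and replies copied from the Transmit transcript above.
TRANSCRIPT = """\
Cmd: PASV
425: Can't open passive connection: Can't assign requested address.
Cmd: PORT 10,0,1,6,250,79
500: Illegal PORT Command
Cmd: PORT 10,0,1,6,250,80
500: Illegal PORT Command
"""

HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

def decode_hostport(text):
    """Decode the RFC 959 h1,h2,h3,h4,p1,p2 field into (IPv4Address, port)."""
    m = HOSTPORT.search(text)
    if not m:
        raise ValueError("no host-port field in %r" % text)
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError("octet out of range in %r" % text)
    return ipaddress.IPv4Address("%d.%d.%d.%d" % tuple(n[:4])), n[4] * 256 + n[5]

def analyse(transcript):
    """Pair each PASV/PORT command with its first reply and decode the endpoint."""
    findings, pending = [], None
    for line in transcript.splitlines():
        line = line.strip()
        if line.startswith("Cmd: "):
            pending = line[5:]
            continue
        reply = re.match(r"(\d{3}):\s*(.*)", line)
        if not reply or pending is None:
            continue  # continuation of a multi-line reply, or the banner
        code, verb = int(reply.group(1)), pending.split()[0].upper()
        # PORT carries the client's endpoint; a 227 reply carries the server's.
        source = pending if verb == "PORT" else reply.group(2) if code == 227 else None
        if verb in ("PORT", "PASV"):
            item = {"verb": verb, "code": code, "ip": None, "port": None, "private": None}
            if source:
                ip, port = decode_hostport(source)
                item.update(ip=str(ip), port=port, private=ip.is_private)
            findings.append(item)
        pending = None
    return findings

if __name__ == "__main__":
    for finding in analyse(TRANSCRIPT):
        print(finding)
```

The decoded PORT address 10.0.1.6 is an RFC 1918 private address, so a server reached through NAT sees a different source address on the control connection than the one the client advertises for the data connection.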

  • How can i do scheduled automatic backups to an ftp server in ios xr?

    Hello guys! As the title says, I'm looking to automatically back up my running config on a Cisco CRS-1 to an FTP server. I was only able to find this config example:
    Configuration commit auto-save filename ftp://A.B.C.D/myconfig.txt
    This allows me to save my config to an FTP server every time I use commit on the device. Now I want to know if there's a way to automatically save my configs every day at 00:00 and also include the date and time in the name of the file so I don't overwrite the existing files on the FTP server.
    I don't want to use any tool; I just want to know if what I'm asking is possible via CLI commands. I would greatly appreciate your help with this subject.
    Regards,
    David

    Not sure if this script will work on a CRS, but try this:
    archive
    log config
    logging enable
    hidekeys
    path tftp:///$h-
    write-memory
    time-period 10080
    Explanation:
    There are two ways to save your config to your remote station:
    1.  When someone saves the config; and
    2.  At an allotted time period, expressed in 10080 (weekly for me).
