ACL FTP connection problem

I have a problem with an ACL. I have FTP forwarded via PAT to an internal server on my border router. I have a pretty extensive ACL that denies spider servers and some ranges I know to be senders of junk e-mail. The problem is FTP. When the ACL is applied to my external interface (fa0/1), I cannot connect via FTP. When I remove the access-group, I can connect to FTP a-okay. With the ACL applied, all my other services work as well (http on port 1337, ssh, PPTP, IRC and teamspeak - 9987 UDP). Here is my config. Any help will be highly appreciated:

Building configuration...

Current configuration : 6674 bytes
!
! Last configuration change at 11:07:17 PST Sunday, December 30, 2012, by admin
! NVRAM config last updated at 19:12:53 PST Sunday, December 30, 2012, by admin
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable secret 5 *.
!
no aaa new-model
clock timezone PST -8
clock summer-time CDT recurring
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
ip domain name * *.net
ip name-server 4.2.2.2
ip inspect log drop-pkt
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
username admin secret 5 *.
!
!
interface FastEthernet0/0
 description main switch Port
 ip address 172.16.0.254 255.255.255.252
 ip nat inside
 no ip virtual-reassembly
 speed 100
 full-duplex
!
interface FastEthernet0/1
 description Internet Port
 ip address dhcp
 ip access-group WANACL in
 ip nat outside
 no ip virtual-reassembly
 duplex auto
 speed auto
!
router ospf 100
 log-adjacency-changes
 passive-interface FastEthernet0/1
 network 172.16.0.252 0.0.0.3 area 0
 default-information originate
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface FastEthernet0/1 overload
ip nat inside source static tcp 10.50.0.250 1723 interface FastEthernet0/1 1723
ip nat inside source static tcp 10.20.0.200 22 interface FastEthernet0/1 22
ip nat inside source static tcp 10.20.0.100 6667 interface FastEthernet0/1 6667
ip nat inside source static tcp 10.20.0.200 80 interface FastEthernet0/1 1337
ip nat inside source static udp 10.20.0.100 9987 interface FastEthernet0/1 9987
ip nat inside source static tcp 10.20.0.250 21 interface FastEthernet0/1 21
ip nat inside source static tcp 10.20.0.250 20 interface FastEthernet0/1 20
!
ip access-list extended WANACL
 remark * Permit established connections *
 permit tcp any any established
 remark * Immediate deny forbidden ranges *
 ----------------------------------------------------
 * Omitted forbidden ranges *
 ----------------------------------------------------
 remark * Deny spiders *
 ----------------------------------------------
 * Omitted spider ranges *
 -----------------------------------------------
 remark * Permit DHCP *
 permit udp any any eq bootpc
 remark * Permit specific ICMP *
 permit icmp any any echo-reply
 remark * Deny bogon ranges *
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 169.254.0.0 0.0.255.255 any
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 remark * Permit all UDP traffic *
 permit udp any any
 remark * Permit NAT services (logged in SNMP) *
 permit tcp any any eq ftp log
 permit tcp any any eq 1723
 permit tcp any any eq ftp-data log
 permit tcp any any eq 22 log
 permit tcp any any eq 6667 log
 permit gre any any
 permit udp any any eq 9987 log
 permit tcp any any eq 1337
 deny   ip any any
!
logging 10.50.0.250
access-list 101 permit any one
access-list 101 permit ip any any
!
!
control-plane
!
!
gatekeeper
 shutdown
!
banner exec ^C
WARNING: Unauthorized access to this system is prohibited and will be
pursued by the law. By accessing this system, you agree that your
actions can be monitored if you suspect unauthorised use.
^C
banner login ^C
*************************************************************
WARNING - PRIVATE - ACCESS FORBIDDEN ELECTRONIC DEVICE
This device is a private network device.  Access to this device is
not allowed.  Any attempt of unauthorized access will be logged
and appropriate legal action will be taken.
*************************************************************
^C
!
line con 0
 password 7 *************************************
 logging synchronous
 login local
line aux 0
 password 7 *************************************
 logging synchronous
 login local
line vty 0 4
 password 7 *************************************
 logging synchronous
 login local
 length 0
 transport preferred ssh
line vty 5 15
 password 7 *************************************
 logging synchronous
 login
 transport preferred ssh
!
ntp clock-period 17180466
ntp server 184.105.192.247
!
end

Is your FTP server active or passive?

The ACL will change accordingly. Try to capture a successful FTP transaction in Wireshark and analyze the source and destination ports.

http://www.SlackSite.com/other/FTP.html

Tags: Cisco Security
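
An added illustration (not from the original thread) of why the answer asks about active versus passive mode: a Python model that runs the FTP control and data flows through a port-only simplification of the WANACL above, using first-match evaluation. The 227 reply, the 203.0.113.10 address and port 50000 are constructed, and the source-address entries are left out on the assumption that the client is a public host on none of the deny lists.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp", "gre"
    dport: int = 0      # destination port as seen inbound on fa0/1
    ack: bool = False   # ACK/RST set, which is what 'established' matches


@dataclass(frozen=True)
class Ace:
    text: str
    action: str
    proto: str                      # "ip" matches every protocol
    dport: Optional[int] = None
    established: bool = False

    def matches(self, p: Packet) -> bool:
        if self.proto not in ("ip", p.proto):
            return False
        if self.established and not p.ack:
            return False
        return self.dport is None or self.dport == p.dport


# Port-relevant entries of WANACL, in the order they appear in the config.
# Source-address denies (bogons, spiders) and ICMP are omitted (assumption above).
WANACL = [
    Ace("permit tcp any any established", "permit", "tcp", established=True),
    Ace("permit udp any any", "permit", "udp"),
    Ace("permit tcp any any eq ftp log", "permit", "tcp", 21),
    Ace("permit tcp any any eq 1723", "permit", "tcp", 1723),
    Ace("permit tcp any any eq ftp-data log", "permit", "tcp", 20),
    Ace("permit tcp any any eq 22 log", "permit", "tcp", 22),
    Ace("permit tcp any any eq 6667 log", "permit", "tcp", 6667),
    Ace("permit gre any any", "permit", "gre"),
    Ace("permit tcp any any eq 1337", "permit", "tcp", 1337),
    Ace("deny ip any any", "deny", "ip"),
]

PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def pasv_port(reply: str) -> int:
    """Data port announced in a 227 reply: p1 * 256 + p2."""
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    return int(m.group(5)) * 256 + int(m.group(6))


def evaluate(acl, pkt):
    """First matching entry wins, as on the router."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action, ace.text
    return "deny", "implicit deny"


def ftp_flows():
    # Constructed server reply; 195 * 256 + 80 = 50000.
    data_port = pasv_port("227 Entering Passive Mode (203,0,113,10,195,80)")
    return {
        # Client opens the control channel: inbound SYN to port 21.
        "control": evaluate(WANACL, Packet("tcp", 21)),
        # Passive mode: client opens a second inbound connection to the
        # port from the 227 reply. No entry names that port.
        "passive_data": evaluate(WANACL, Packet("tcp", data_port)),
        # Active mode: the server connects out from port 20, so the inbound
        # ACL only sees the client's replies, which carry ACK.
        "active_data_reply": evaluate(WANACL, Packet("tcp", 20, ack=True)),
    }


if __name__ == "__main__":
    for name, (action, ace) in ftp_flows().items():
        print(f"{name:18} {action:6} by: {ace}")
```

On the router itself, `show access-lists WANACL` prints per-entry match counters, which gives the same view for real traffic.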

Similar Questions

  • FTP connection problems

    I'm having a problem with connecting to my ftp server. It has been tested to run on other computers, but on Windows, it cannot connect. Even with the firewall disabled, it still does not. Any ideas?

    Hi Malcolmvolk,

    The question you posted would be better suited in the TechNet community. I suggest that you post the query in the link.
    Hope this information helps.
  • Mac user: pw of unregistered FTP connection

    I tried this announcement to another topic which was published by a PC user, worry that he's going to be buried. I am a Mac user and having this same annoying FTP connection problem. I don't have IE7 (can't, thank you Microsoft) and had no problem in MX, that after the update to Studio 8. Have the 8.0.2 update without problems. Does not solve the problem. Murray, you're there. Help!

    Ok. It took me a few months to understand this, but I post this info for other Mac users who was struggling. The culprit is the keychain. Keychain is inhibiting the passwords of Dreamweaver. Don't ask me why... all I know is after I emptied the login Keyring (which was hidden, by the way), everything was restored to goodness and health and Dreamweaver works as it did formerly.

  • Update of Muse CC 2014.3 still have FTP upload problem: the server responding is not in time, FTP is not supported on this server [connection has expired after 15001 millseconds.] I have no problem with CC 2014. Can you suggest what I should do?

    Update of Muse CC 2014.3 still have FTP upload problem: the server responding is not in time, FTP is not supported on this server [connection has expired after 15001 millseconds.] I have no problem with CC 2014. Can you suggest what I should do?

    Hello.

    Today, I had the opportunity to work with a user of Muse with the same problem after you perform the troubleshooting steps in the post above we decided to communicate with the host.

    Later, I learned to know that host IP of the user of Muse and they managed to unlock and muse began to connect to the FTP host.

    I have another host scenario suggests Muse to add user : 21 to the FTP address and then Muse was able to connect.

    For example ftp.domain.com:21

    Please try the suggestion 2 above and let me know if it works.

    Regards

    Vivek

  • FTP with Dreamweaver CS 5.5 connection problems

    Hi guys,

    I was fine with my monthly updates of web to some web pages I'm grammatical when all of a sudden, my FTP connection stopped working.

    I have tried everything and know that everything is connected.  I was Obamorized so I can't afford to upgrade to a newer version of DW; I don't have the money. I can only work with what I have: CS 5.5.

    Please email me some suggestions or ideas. I have a monthly audience ranging between 40 000 and 60,000 visitors a month and need to get these updates made...

    Mike Humphrey

    Web administrator. for of AskACatholic.com

    Can you connect using your authentication information with any third-party application FTP (such as Filezilla - which many people use rather than DW)? This is the first test case...

  • Qosmio F30-117: Impossible to establish FTP connections

    I have a Qosmio F30-117, windows XP, Norton Internet security.
    When I try to FTP to my site I get FTP connection failed.

    I tried it on a friends computer and the connection has been established the first time.
    When I joined my laptop to its broadband - no FTp connection. This eliminates at least my router.

    I tried to disable parts of Norton Internet Security, without success.

    Help?

    Hello

    so if I were you I would completely disable the Norton software and make sure that the Windows Firewall is to leave you hollow. If not, you should check if your friend has put in place properly. If you want to test that your machine is able to connect via FTP, then go to www.kernel.org and enter an ftp address.

    Open your favorite FTP client, and then try to connect. If the connection fails really then double check all the settings and try again. I think that the problem is so low that everybody he oversees everything. ;)

    Welcome them

  • How can I fix my internet connectivity problems: entry msafd tcpip tcp provider ip could not perform looping simple communication

    WinSock diagnostic

    WinSock status
    info all base service provider entries are present in the Winsock Catalog.
    channels of information the Winsock Service provider are valid.
    error entry MSAFD Tcpip [TCP/IP] provider could not perform the looping simple communication. Error 10055.
    Info entry provider MSAFD Tcpip [UDP/IP] passed the loopback communication test.
    Info entry RSVP UDP Service Provider provider passed the loopback communication test.
    error entry RSVP TCP service provider provider could not perform the looping simple communication. Error 10055.
    connectivity error problem exists with an installed LSPS.
    repair automatic action: WinSock Reset catalog
    action completed successfully: netsh winsock reset catalog
    the information system required reboot
     
    Diagnosis of network adapter
    Network location detection
    Info to help home Internet connection
    Identification of network adapter
    Info network connection: name = Local, Device network connection = Intel(r) 82566DM Gigabit Network Connection, MediaType = LAN, type = LAN
    Info network connection: name = 1394 connection, device = 1394 Net Adapter, MediaType = LAN, type = 1394
    Info network connection: name = Sprint PCS Vision, peripheral = Palm Treo Modem, MediaType = PHONE, type = NONE
    Info Ethernet connection selected
    State of the network adapter
    Info network connection status: connected
     
    HTTP, HTTPS, FTP Diagnostic
    HTTP, HTTPS, FTP connectivity
    WARN HTTPS: error 12029 connecting to www.microsoft.com: a connection with the server could not be established
    warn HTTP: error 12017 connecting to www.microsoft.com: the operation has been cancelled
    WARN FTP (active): error 12029 connecting to FTP.Microsoft.com: a connection with the server could not be established
    WARN HTTPS: error 12029 connecting to www.passport.net: a connection with the server could not be established
    WARN FTP (passive): error 12029 connecting to FTP.Microsoft.com: a connection with the server could not be established
    warn HTTP: error 12029 connecting to www.hotmail.com: a connection with the server could not be established
    error could not make an HTTP connection.
    error could not make an HTTPS connection.
    error could not make an FTP connection.

    Hello

    You did changes to the computer before this problem?

    Try the steps and check them out below:

    a. open internet explorer.
    b. click on tools > Internet Options.
    c. click on the Connections tab.
    d. click the LAN Settings button.
    e. uncheck all options on the shortcut menu.
    f. click on the OK button.

    Similar problem: http://answers.microsoft.com/en-us/windows/forum/windows_other-windows_update/error-12029-in-ie-8/47a865dc-3237-4e07-84a9-d9fb20a766e3

  • Impossible to get online - reading HTTP/HTTPS/FTP Firewall problem

    I cannot get online and diagnosis to assess the problem.

    The error I get indicates that it is a firewall problem; However, when I disabled my firewall and tried to connect, it still wouldn't let me.  I ran the diagnostic and received an error message that passport.com certificate is expired.  It is said that the system could not connect over HTTP/HTTPS and FTP (passive) was able to connect.  Help, please.  Thank you!

    Sorry try this first...

    You can change the behavior of the Internet Connection Firewall by turning on various ICMP options, such as allow an incoming echo request, allow incoming timestamp request, allow incoming router request and Allow redirect. Brief descriptions of these options appear on the ICMP tab.

    If your network uses Internet connection sharing to provide Internet access to multiple computers, it is recommended to activate the shared Internet connection on the Internet Connection Firewall. However, you can activate the shared Internet connection and Firewall Internet connection separately. It's a good idea to enable the ICF on the Internet connection on any Microsoft Windows XP computer that is connected directly to the Internet.

    Internet Connection Firewall can also help protect a single computer connected to the Internet. If you have a single computer connected to the Internet with a cable modem, a DSL modem, or a dial-up modem, Internet Connection Firewall protects your Internet connection. Do not cut the ICF for virtual private network (VPN) connections because Internet Connection Firewall interferes with file sharing and other VPN functions.

    OR

    http://support.Microsoft.com/kb/936211/en-us read up on that let me know if this helped.

    Internal modem

    To restart an internal modem, you must restart the computer. If you still experience network connectivity problems after you restart the computer, go to step 2. If you connect to the Internet using a router, there may be a problem with the configuration settings, and they must be updated. To determine if a network connectivity problem is caused by a bad configuration or a problem with the router, you can bypass the router and connect your computer directly to the modem.

    Warning Connect your computer directly to the Internet may be left vulnerable to attacks. To protect the computer against attacks, make sure that a firewall is installed and that the firewall is enabled on your computer. To learn more about the Windows Firewall that is included in Windows Vista, see the "Windows Firewall" section.

    Windows Firewall

    Windows Vista includes a firewall, called Windows Firewall. By default, the Windows Firewall is enabled. However, you should always check that the Windows Firewall is turned on before you connect the computer to the Internet. To verify that Windows Firewall is turned on, follow these steps:

    1. Click Start and then click Control Panel.
    2. In the search box in the upper right corner of Control Panel, type security.
    3. In the search results that appear, click the icon or the link to the Security Center. In the window that appears, you will see four bars that are titled firewall, automatic updating, malware protection, and other security settings.
    4. Click the arrow to the right in the firewall bar to expand the bar. The extended bar will display one of the following three options:
      1. If the firewall bar is green, it means that the firewall is enabled.
      2. If the firewall bar is red, you may see a message that the Windows Firewall is disabled. To turn on the Windows Firewall and cause the firewall bar to the center of safety to turn green, click activate now.
      3. If the firewall bar is red, and the message describes a problem with a third-party firewall program, we recommend that you disconnect the computer from the network and then contact the vendor of the firewall program for more information on how to activate the third-party firewall program.
  • Win 7 driver - data FTP connection error

    I tried to download Windows 7 (32 bit) HP Deskjet and Officejet full feature software and drivers from the support link for my HP PSC 1402 for the past three days BUT get a "data connection error". Tried to do it from another PC and ISP and still the same problem... Anyone know of similar problems with the FTP server?

    Due to the huge size of the driver that is nearly 370 MB and a lot of people trying to download it could have caused the problem.

    Please try to download it from this link:

    FTP://ftp.HP.com/pub/softlib/software11/COL30219/al-75052-1/AIO_CDB_NonNet_Full_Win_WW_130_141.exe

    To use download managers that will help you have the best ftp connection. Here's one I like:

    http://files.FreeDownloadManager.org/Lite/fdminst-Lite.exe

  • FTP connection refused with FTP client to open the port in the firewall ESX

    Hello.

    I just installed an esx 3.5 U4.    We have an FTP server where we all night to make a copy of all our VM.

    This ESX may not put the files in the FTP server... I open the FTP client port on the 'profile terms' -> Firewall tab without problems and

    I can connect with the FTP server... but... I can't do a LS for example, can I change to a different folder, I try with passive mode works... but

    It does not work.

    FTP server works well because other ESX work with her, and I do my windows XP with the same user/pass login and it works...

    Any idea?

    Thank you very much

    # ftp 192.168.18.15
    Connected to 192.168.18.15 (192.168.18.15).
    220 Welcome to xxxxxxxx
    Name (192.168.18.15:morado): vmbk
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> cd Backup
    250 Directory successfully changed.
    ftp> ls
    227 Entering Passive Mode (192,168,18,15,72,91)
    ftp: connect: Connection refused
    ftp>

    Looks like the second TCP connection for file transfer (which is also used for directory listings) from the FTP client to the server was dropped. Have you tried completely disabling the firewall with esxcfg-firewall --allowOutgoing (you can also try esxcfg-firewall --allowIncoming, although it should not be necessary in passive FTP mode)? This command sets the iptables INPUT and OUTPUT chains to ACCEPT instead of DROP.

    I tried esxcfg-firewall -e ftpClient and it worked fine for me.

    You could also post your OUTPUT chain settings from esxcfg-firewall -q.

  • . PPK files and secure FTP connections

    Hello community!

    I'm having some trouble in establishing an FTP connection in ColdFusion. The error message I get is "Invalid private key" and refuses the connection. Yes, "Invalid" is a misspelling it :-)

    This is the code I use:

    <cftry>
    <cfftp action="open" connection="MaConnexion" key="\\server\web\retail\dir\privateKey.ppk" passphrase="pass" secure="yes" server="sftp.server.com" port="22" stoponerror="yes" username="theUsername">
    <cfcatch type="any">
    <cfoutput>
    <cfdump var="#cfcatch#">
    </cfoutput>
    </cfcatch>
    </cftry>

    I wonder what the problem is here! I'd REALLY appreciate all thoughts!

    My guess is that SFTP wants the key SSH format, something like this:

  • AppStore connection problem!

    Hello

    I'm running a 21.5" iMac with OS X El Capitan 10.11.5. My problem is that I am not able to connect to iCloud and the App Store on my Mac.

    The error I get is "there was an error connecting to server Apple ID"

    The same username and password works perfectly well on the site of iCloud, my app store on the iPhone and the iPad, but not on Mac.

    What is the way my iMac communicates via the internet? We have a firewall. And oh, the software update for El Capitan is downloading as I type; He didn't even ask for IDs, just started downloading automatically. The same thing happened yesterday with the updates listed on the tab Update on the app store - they have been is downloaded yesterday without asking my login details but it was a rare event; connection problems I described above took place during the last month or so.

    How can I fix?

    Thank you!!

    Try disconnecting all the services using your Apple ID on your iMac, iTunes, FaceTime, iMessage and try to sing.

    If you cannot connect to the iTunes Store - Apple Support

  • Connection problems: cannot connect, I forgot my password, I didn't get the confirmation email.

    Cannot connect, connection problems. I forgot my password. I have requested a password reset but I didn't get the confirmation email.

    Go through the logon process. When you enter your name / password
    should be a link I forgot the password. Site more to have that.

  • Why do I get "Connection problem" on my laptop, when I try to access my e-mail account Yahoo with the new version of Firefox?

    Since I updated firefox to 29.0.1 on my desktop, I can't access my account at Yahoo.com from my ASUS laptop. "Connection problem" appears when he tries to retrieve new messages. I received mail on the ASUS 12/03/13, but from now on I get this message and no new mail arrives at the ASUS.

    Some problems occurs when your Internet security program was set to trust to the
    a previous version of Firefox, but no longer recognizes your updated as version
    level of confidence. Now how do I solve the problem: to allow Firefox to connect to the Internet
    Once again:

    • Make sure your Internet security software is up-to-date (for example, you are using the latest version)
    • Delete Firefox to list your program of trusted or recognized programs, then add it again. For detailed instructions, see Configure the firewall so that Firefox can access the Internet.
  • Strange internet connectivity problem

    Hello!

    I'm having a connectivity problem I have never met before. I use a wireless router from Apple with internet cable.

    Yesterday, my computer would be is no longer in contact with my router wi - fi. I get a message that the network could not be attached (I ran the Diagnostics wireless, but it's a whole lot of sense to me empty files). However, I also have a Roku, and which IS connected to the WiFi without problem. I completely stopped and restarted the computer, no joy. Reset the modem and the router, no joy. Still works with Roku, not with the computer. But the weird part is, I have Optimum Online, which allows subscribers to log-in to its hotspots, and it worked! I am connected Optimum wi - fi network on my computer right now.

    So I don't know where is the problem! It is not the router, because this is related work with Roku and is not the computer, because it is connected and working with the Optimum hotspot. What gives?

    Try this!

    Go to the Apple menu > System Preferences > Network

    Select the Wi-Fi connection in the sidebar and then click on the "Advanced..." button in the lower right corner of the screen

    In the list of preferred networks, delete the name of your Wi-Fi network

    Click on the "OK" button to save that change and then "Apply" in the Network preferences window.

    Now, go to the Applications folder > Utilities > Keychain Access

    Make sure that the "Login" keychain is selected and "All Items" in the category is selected in the sidebar

    Use the search field to find Keychain items with the name of your Wi-Fi network and remove them

    Quit Keychain Access

    Now try to access your Wi-Fi network
