We have an FTP site and we are able to access it through the inside, but we are not able to access it from the outside. I believe that these ports on the firewall are not open: 20 and 21. Here is the confifuration that is currently now on the Cisco Firewall:
PIX Version 5.1(5)
nameif ethernet0 outside security0
nameif ethernet1 inside security100 hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list acl_in permit tcp any host 192.168.1.2 eq smtp
access-list acl_in permit tcp any host 192.168.1.15 eq www
access-list acl_in permit tcp any host 192.168.1.20 eq www
access-list acl_in permit tcp any host 192.168.1.41 eq 3389
pager lines 24
logging on
no logging timestamp
no logging standby
no logging console
no logging monitor
no logging buffered
no logging trap
no logging history
logging facility 20
logging queue 512
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 216.43.134.162 255.255.255.240
ip address inside 192.168.1.1 255.255.255.0
ip local pool dealer 192.168.1.15-192.168.1.19
arp timeout 14400
global (outside) 1 216.43.134.166
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
alias (inside) 192.168.1.20 216.43.134.163 255.255.255.255
alias (inside) 192.168.1.15 216.43.134.165 255.255.255.255
static (inside,outside) 216.43.134.164 192.168.1.2 netmask 255.255.255.255 0 0
static (inside,outside) 216.43.134.165 192.168.1.15 netmask
static (inside,outside) 216.43.134.163 192.168.1.20 netmask 255.255.255.255 0 0
static (inside,outside) 216.43.134.167 192.168.1.30 netmask 255.255.255.255 0 0
conduit permit icmp any any
conduit permit tcp host 216.43.134.164 eq smtp any
conduit permit tcp host 216.43.134.165 eq conduit permit tcp host 216.43.134.163 eq conduit permit tcp host 216.43.134.167 eq 1494 any
conduit permit udp host 216.43.134.167 eq 1604 any
conduit deny tcp host 0.0.0.0 eq 5190 any
conduit deny udp host 0.0.0.0 eq 5
conduit deny tcp any eq 7070 any
conduit permit tcp host 0.0.0.0 eq 3389 any
route outside 0.0.0.0 0.0.0.0 216.43.134.161 1
timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection tcpmss 1300
sysopt connection permit-ipsec
no sysopt ro
isakmp identity hostname
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
terminal width 80
Cryptochecksum:7f44e7c2fcf57dd5cff19c2e300a0586
I know that I am missing something. What commands to I need to setup inorder to have people access the FTP site from the outide. If anyone has any answers or suggestions that would be great.
Thanks,
jlogmann
PIX Version 5.1(5)
nameif ethernet0 outside security0
nameif ethernet1 inside security100 hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list acl_in permit tcp any host 192.168.1.2 eq smtp
access-list acl_in permit tcp any host 192.168.1.15 eq www
access-list acl_in permit tcp any host 192.168.1.20 eq www
access-list acl_in permit tcp any host 192.168.1.41 eq 3389
pager lines 24
logging on
no logging timestamp
no logging standby
no logging console
no logging monitor
no logging buffered
no logging trap
no logging history
logging facility 20
logging queue 512
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 216.43.134.162 255.255.255.240
ip address inside 192.168.1.1 255.255.255.0
ip local pool dealer 192.168.1.15-192.168.1.19
arp timeout 14400
global (outside) 1 216.43.134.166
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
alias (inside) 192.168.1.20 216.43.134.163 255.255.255.255
alias (inside) 192.168.1.15 216.43.134.165 255.255.255.255
static (inside,outside) 216.43.134.164 192.168.1.2 netmask 255.255.255.255 0 0
static (inside,outside) 216.43.134.165 192.168.1.15 netmask
static (inside,outside) 216.43.134.163 192.168.1.20 netmask 255.255.255.255 0 0
static (inside,outside) 216.43.134.167 192.168.1.30 netmask 255.255.255.255 0 0
conduit permit icmp any any
conduit permit tcp host 216.43.134.164 eq smtp any
conduit permit tcp host 216.43.134.165 eq conduit permit tcp host 216.43.134.163 eq conduit permit tcp host 216.43.134.167 eq 1494 any
conduit permit udp host 216.43.134.167 eq 1604 any
conduit deny tcp host 0.0.0.0 eq 5190 any
conduit deny udp host 0.0.0.0 eq 5
conduit deny tcp any eq 7070 any
conduit permit tcp host 0.0.0.0 eq 3389 any
route outside 0.0.0.0 0.0.0.0 216.43.134.161 1
timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection tcpmss 1300
sysopt connection permit-ipsec
no sysopt ro
isakmp identity hostname
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
terminal width 80
Cryptochecksum:7f44e7c2fcf57dd5cff19c2e300a0586
I know that I am missing something. What commands to I need to setup inorder to have people access the FTP site from the outide. If anyone has any answers or suggestions that would be great.
Thanks,
jlogmann