You have an FTP server using a non-standard TCP port number.
The FTP protocol includes IP address information in the packet payload. Normally, Cisco's NAT implementation rewrites IP address information in the payloads of FTP packets by looking in every packet sent on TCP port 21, which is the port that FTP uses to pass session control information by default. So when an FTP server uses a nonstandard TCP port number for session control, you must configure the NAT router to expect FTP packets on the new port number:
Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#access-list 19 permit 192.168.55.5 Router(config)#ip nat service list 19 ftp tcp port 8021 Router(config)#ip nat service list 19 ftp tcp port 21 Router(config)#end Router#
As we mentioned in the introduction to this chapter, the common FTP protocol includes IP address information in the packet payload. Cisco routers expect this, and rewrite the information appropriately. But some FTP servers use a nonstandard TCP port number, which means that NAT will break the protocol. So, in IOS Version 11.3, Cisco introduced the ability to look for FTP payload information on alternate TCP port numbers.
The example configures the router to expect FTP packets for the server 192.168.55.5 on both the default port number 21 and the nonstandard port number 8021. You can easily configure similar commands for other servers as well, or expand the access list to include several servers that all use the same nonstandard FTP port number.
Top |