FTP on Non Standard Port - PIX 7 or higher

Answered Question
Nov 21st, 2007

Hi,

I'm having problems trying to get FTP working on sites with ports not 21? I have 2 FTP sites on my DMZ - FTP 21 works fine but FTP to say 1400 seems to fail IE doesn't get there.... logs show connection through PIX not being denied but then says TCP FIN entry??

Any ideas?

I have tried removing the inspection engine?

Thanks

Ed

Correct Answer by kagodfrey about 9 years 2 weeks ago

Hi Ed

You need the inspection engine, and you will also need to create a new class map for it. Take a look at:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/inspect.html#wp1383679

...which goes into some detail on allowing ftp on port 1056.

HTH

Regards

Kev

edw Wed, 11/21/2007 - 08:19

Hi,

Thanks for pointing me in the right direction.

Ed

edw Thu, 12/13/2007 - 09:15

Hi,

Unfortunately I'm having problems. I understand the concept however when I try to put it into practice it fails.

So I have specified the access-list for it and assigned it to the new class. I have added this class to the policy global_default.

Nothing has changed though???

Does anyone have an example config with this theory in?

Thanks

Ed
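
The sequence discussed in this thread (access-list, new class map, class added to the global policy, FTP inspection enabled for it), written out as an added example that is not from any poster or from the linked Cisco guide. The names `ftp_1400_acl` and `ftp_1400_class` are hypothetical, port 1400 is the one from the question, and `global_policy` is assumed to be the factory-default policy map name; substitute whatever `show running-config policy-map` reports on the device.

```cisco
! Added example. ACL and class-map names are hypothetical.
!
! 1. Select the FTP control channel on the non-standard port.
!    Tighten "any any" to the DMZ server address where possible.
access-list ftp_1400_acl extended permit tcp any any eq 1400
!
! 2. New class map that matches that access-list.
class-map ftp_1400_class
 match access-list ftp_1400_acl
!
! 3. Add the class to the global policy map and turn on FTP
!    inspection for it. The class only has an effect once an
!    inspect action is configured under it.
policy-map global_policy
 class ftp_1400_class
  inspect ftp
!
! 4. The policy map must be applied by a service-policy statement.
!    A default configuration already contains this line.
service-policy global_policy global
!
! Check: "show service-policy" lists the new class with an
! "Inspect: ftp" entry and a packet counter that increases
! when a client connects to port 1400.
```

The new class takes effect for connections opened after the change, so test with a fresh FTP session.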
