FTP on Non Standard Port - PIX 7 or higher

edw
Level 1

Hi,

I'm having problems trying to get FTP working on sites with ports other than 21. I have 2 FTP sites on my DMZ - FTP on 21 works fine, but FTP to, say, 1400 seems to fail; IE doesn't get there. The logs show the connection going through the PIX and not being denied, but then they show a TCP FIN entry??

Any ideas?

I have tried removing the inspection engine?

Thanks

Ed

1 Accepted Solution

kagodfrey
Level 3

Hi Ed

You need the inspection engine, and you will also need to create a new class map for it. Take a look at:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/inspect.html#wp1383679

...which goes into some detail on allowing ftp on port 1056.

HTH

Regards

Kev

Hi,

Thanks for pointing me in the right direction.

Ed

Hi,

Unfortunately I'm having problems. I understand the concept, however when I try to put it into practice it fails.

So I have specified the access-list for it and assigned it to the new class. I have added this class to the policy global_default

Nothing has changed though???

Does anyone have an example config with this theory in it?

Thanks

Ed
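
An example configuration for the approach discussed in this thread, added here and not taken from the original posts or from the linked Cisco guide. The names `ftp_1400_acl` and `ftp_1400` are placeholders, port 1400 is the one mentioned in the question, and `global_policy` is an assumed policy map name: use whichever name `show running-config service-policy` reports as applied globally.

```cisco
! Constructed example for an FTP server listening on TCP 1400.
! ftp_1400_acl and ftp_1400 are placeholder names.
!
! 1. Select the control-channel traffic that should be treated as FTP.
!    Narrow the destination if only one server uses this port.
access-list ftp_1400_acl extended permit tcp any any eq 1400
!
! 2. Put that traffic in its own class.
class-map ftp_1400
 match access-list ftp_1400_acl
!
! Alternative to steps 1-2 when matching on the port alone is enough:
!   class-map ftp_1400
!    match port tcp eq 1400
!
! 3. Add the class to the policy map that is actually applied and
!    enable FTP inspection inside that class. Defining the class
!    without "inspect ftp" under it leaves the data channel
!    uninspected, so the dynamically negotiated port is not opened.
policy-map global_policy
 class ftp_1400
  inspect ftp
!
! 4. The policy map only takes effect if a service-policy references it.
!    A class added to a policy map that is not applied changes nothing.
service-policy global_policy global
```

`show service-policy` lists each class in the applied policy with its inspection packet counters, which shows whether traffic to port 1400 is matching the new class.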
