Configuring a pix to use port 2000 for FTP

mayambanzumba
Level 1

I am trying to configure a PIX to use port 2000 for FTP. How can this be done? This is a 515E with 7.0.

thanks

Accepted Solutions

jan.nielsen
Level 7

Port 2000 is Skinny, and you won't get ftp through it unless you disable skinny inspection on the fw.

no inspect skinny


Collin Clark
VIP Alumni

Are you hosting the FTP server on the inside or DMZ? Is it listening on port 2000 or the default 21?

The FTP server is on the DMZ and the clients are on the Inside. Other hosts within the DMZ are able to access the FTP server using port 2000. The Inside interface has a higher security level than the DMZ, so Inside hosts should be able to access the DMZ without an access list. The FTP server is listening on port 2000. My config so far is:

class-map ftp-class
 match port tcp eq 2000
policy-map global-policy
 !output omitted
 class ftp-class
  inspect ftp
service-policy global-policy global

thanks

Do you have an access list on the inside or DMZ interface that would block port 2000? Do other communications work between the 'inside' and the 'dmz'?

If you have no communication between the inside and dmz, you probably need something like...

static (inside,dmz)
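An added example, not part of the original thread: a small Python audit that reads a PIX/ASA 7.x policy and reports when a custom `match port` class asks for one inspection engine on a port that a still-enabled default inspection engine also claims, which is the FTP-on-2000 versus Skinny clash named in the accepted answer. The `inspection_default` class and its inspect lines in the sample are assumptions standing in for the poster's omitted output, and the port table is a subset chosen for the example.

```python
import re

# Default TCP ports for a subset of the engines covered by
# "match default-inspection-traffic" (subset chosen for this example).
DEFAULT_TCP_PORTS = {"ftp": 21, "esmtp": 25, "rtsp": 554,
                     "sqlnet": 1521, "skinny": 2000, "sip": 5060}

# Constructed sample: the poster's ftp-class plus an assumed default
# inspection class standing in for the "!output omitted" part.
SAMPLE_BEFORE = """\
class-map inspection_default
 match default-inspection-traffic
class-map ftp-class
 match port tcp eq 2000
policy-map global-policy
 class inspection_default
  inspect ftp
  inspect skinny
  inspect sip
 class ftp-class
  inspect ftp
service-policy global-policy global
"""
# Same policy after "no inspect skinny": the line is gone from the config.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("  inspect skinny\n", "")

def find_port_conflicts(config):
    """List (class, port, wanted_engine, clashing_default_engine) tuples."""
    ports, default_classes, inspects = {}, set(), {}
    cmap = cls = None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("class-map "):
            cmap, cls = line.split()[-1], None
        elif line.startswith("policy-map "):
            cmap = cls = None
        elif line.startswith("class "):
            cls = line.split()[1]
        elif cmap and (m := re.fullmatch(r"match port tcp eq (\d+)", line)):
            ports[cmap] = int(m.group(1))
        elif cmap and line == "match default-inspection-traffic":
            default_classes.add(cmap)
        elif cls and line.startswith("inspect "):
            inspects.setdefault(cls, set()).add(line.split()[1])
    # Engines still enabled in any class that matches default-inspection-traffic.
    active = set().union(*(inspects.get(c, set()) for c in default_classes))
    return [(name, port, wanted, engine)
            for name, port in ports.items()
            for wanted in sorted(inspects.get(name, ()))
            for engine in sorted(active)
            if engine != wanted and DEFAULT_TCP_PORTS.get(engine) == port]

if __name__ == "__main__":
    print(find_port_conflicts(SAMPLE_BEFORE))
    print(find_port_conflicts(SAMPLE_AFTER))
```
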
