Help with FTP port forwarding in PIX-515E

capajaron
Level 1

Hi,

Can someone help me with ftp port forwarding config on PIX515E?

Sample:

Public IP--->PIX------------>Router------>FTP Server

202.176.x.x->PIX->10.233.x.x->Router->10.234.x.x->FTP Server

I only need to forward the FTP ports (20 & 21).

Thanks

Cliff

6 Replies

Jon Marshall
Hall of Fame

On the pix

static (inside,outside) tcp 202.176.x.x 20 10.234.x.x 20

static (inside,outside) tcp 202.176.x.x 21 10.234.x.x 21

and obviously allow it in an access-list.

If 202.176.x.x is the public IP address of the PIX external interface, then replace the address with the keyword interface in the above statics, e.g.

static (inside,outside) tcp interface 20 10.234.x.x 20

Jon

Hi Jon,

I have tried the sample you gave but it still doesn't work. I guess I have given incomplete details.

Here is the complete setup.

Public->Router----->PIX------>Router-->FTPServer

202.176.x.x->203.175.x.x->y.y.y.y->10.130.x.x

>I just need to port forward FTP traffic to 10.130.x.x from the web.

>Is it possible that, if I point FTP traffic at the 203.175.x.x IP from the web, the PIX will forward it to the 10.130.x.x FTP server? I also made a trace on 203.175.x.x and it passes through the 202.176.x.x router, but the problem is it's not working.

Thanks

Cliff

Collin Clark
VIP Alumni

static (inside,outside) tcp 202.176.x.x 20 10.234.x.x 20 netmask 255.255.255.255

static (inside,outside) tcp 202.176.x.x 21 10.234.x.x 21 netmask 255.255.255.255

You'll also need to add access in your access list.

Hope that helps

UPDATE: Sorry Jon, you type faster than I do!

No problem Collin, happens to me all the time. I thought I was the slowest typist on NetPro :-)

gpulos
Level 8

.

sdoremus33
Level 3

After the config, you might want to verify via tcpdump on traffic.

On a PIX 515 you would issue the capture command, e.g. (see below):

capture testcap . Then run a test FTP session and view the capture output. HTH
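
The pieces mentioned across the replies (static, access-list, capture), put together for the second topology in the thread as an added example that no participant posted. It assumes PIX 6.x syntax and that 203.175.x.x is the PIX outside interface address; the names outside_in, cap_ftp and testcap are hypothetical.

```cisco
! Added example, not from the thread. PIX 6.x syntax. Assumptions:
!   203.175.x.x = PIX outside interface address, y.y.y.y = inside router,
!   10.130.x.x  = FTP server; outside_in, cap_ftp, testcap are made-up names.

! 1. The server sits behind an inside router, so the PIX needs a route to it
!    (and that router needs a return path towards the PIX).
route inside 10.130.x.x 255.255.255.255 y.y.y.y 1

! 2. Port redirection, as in the replies above (keyword "interface" because
!    the public address is the PIX's own outside address).
static (inside,outside) tcp interface 21 10.130.x.x 21 netmask 255.255.255.255
static (inside,outside) tcp interface 20 10.130.x.x 20 netmask 255.255.255.255

! 3. Permit only the FTP control port inbound and bind the ACL to the
!    outside interface. The ACL matches the public (translated) address,
!    not 10.130.x.x.
access-list outside_in permit tcp any host 203.175.x.x eq ftp
access-group outside_in in interface outside

! 4. FTP inspection follows the control session and opens the negotiated
!    data connection, so no wide port range has to be permitted.
!    (PIX 7.x expresses this as "inspect ftp" in the global policy.)
fixup protocol ftp 21

! 5. Verify while running a test FTP session from outside.
!    clear xlate drops existing translations so the new statics take effect.
clear xlate
show xlate
! hitcnt on the permit line should increase with each test connection
show access-list outside_in
access-list cap_ftp permit tcp any host 203.175.x.x eq ftp
capture testcap access-list cap_ftp interface outside
show capture testcap
no capture testcap
```

If the capture on the outside interface shows no packets for port 21, the traffic is being dropped or misrouted upstream of the PIX rather than by this configuration.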
