08-07-2008 02:42 PM
Can servers sitting behind the ACE successfully ftp files if the following rules are in place?
access-list word line x extended permit tcp source destination eq 21
access-list word line y extended permit tcp source destination eq 20
With those lines I can establish an FTP session, but am unable to transfer files.
With the following statement access-list word line x extended permit ip source destination, passive FTP works?
Is this because the ACE ACL does not allow for stateful inspection of an FTP session?
Thank you
08-07-2008 03:20 PM
You are right, lack of fixup/inspect is the reason for FTP connections to fail.
You need something in line with the following config:
class-map match-all FTP-Traffic
  2 match port tcp eq ftp
policy-map multi-match xyz
  class FTP-Traffic
    inspect ftp
Syed Iftekhar Ahmed
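Why the port-only ACL in the question lets the login through but not the transfer, as an added example that is not part of the original thread: a simplified Python model (not ACE code) that reads the negotiated data endpoint out of the FTP control channel, as an inspection engine does, and checks it against the static ACL. The transcript, addresses and function names are constructed for illustration.

```python
import re

# Destination ports permitted by the static ACL in the question (eq 21, eq 20).
STATIC_ACL_PORTS = {20, 21}

# 227 reply (passive mode) and PORT command (active mode) both carry h1,h2,h3,h4,p1,p2.
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)

def data_endpoint(line):
    """Return (ip, port) negotiated by a PORT command or 227 reply, else None."""
    m = PASV_RE.match(line) or PORT_RE.match(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed field: never derive a pinhole from it
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def evaluate(control_lines, inspect):
    """Replay a control-channel transcript.

    Returns (ip, port, allowed) for every data connection it negotiates.
    Without inspection only the static ACL decides; with inspection the
    negotiated endpoint gets a temporary pinhole (simplified model).
    """
    results = []
    for line in control_lines:
        ep = data_endpoint(line.strip())
        if ep is None:
            continue
        ip, port = ep
        allowed = inspect or port in STATIC_ACL_PORTS
        results.append((ip, port, allowed))
    return results

# Constructed sample transcript: one passive and one active negotiation.
SAMPLE = [
    "220 FTP server ready",
    "PASV",
    "227 Entering Passive Mode (192,0,2,10,195,80)",  # data port 195*256+80
    "PORT 198,51,100,7,4,1",                          # data port 4*256+1
]

if __name__ == "__main__":
    for mode in (False, True):
        print("inspect ftp" if mode else "ACL only  ", evaluate(SAMPLE, mode))
```

In both modes the data connection's destination port is whatever the control channel announced, so a rule matching only ports 20 and 21 never covers it.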
08-08-2008 10:54 AM
Awesome - works like a charm