Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1946
Views
0
Helpful
7
Replies

Cisco SR520 - open up for FTP server

Henrik Meyer
Level 1
Level 1

‎10-04-2009 04:56 AM

Hi,

How do I open up for my inside FTP server (192.168.100.14) from the outside interface on my Cisco SR520?

regards

Henrik Meyer

Labels:
0 Helpful
7 Replies 7

Glenn Quesenberry
Cisco Employee
Cisco Employee

‎10-07-2009 01:37 PM

Henrik,

     You can use CCA and set it up in a DMZ under "Configure>Security>Firewall & DMZ".  From there you can Add a DMZ service, you'll be asked for the IP address and server type (FTP is in the drop-down list).

Hope this Helps!

Glenn

0 Helpful

Henrik Meyer
Level 1
Level 1
In response to Glenn Quesenberry

‎10-07-2009 11:29 PM

Hi,

Thanks. :)

I found out, when I tried with the CCA.. (I'm a CLI kind a guy) - but the FTP is on the Inside, not the DMZ - and that the CCA does not support.

Another thing - how do I open up for SSH and ICMP reply on the outside interface?

best regards

Henrik

0 Helpful

Glenn Quesenberry
Cisco Employee
Cisco Employee
In response to Henrik Meyer

‎10-08-2009 07:40 AM

Which SR520 are you using?  Are you using the newest T-1 version?

0 Helpful

Henrik Meyer
Level 1
Level 1
In response to Glenn Quesenberry

‎10-08-2009 10:33 AM

I'm located in Europe, so we use the Ethernet version.

/Henrik

0 Helpful

Glenn Quesenberry
Cisco Employee
Cisco Employee
In response to Henrik Meyer

‎10-08-2009 03:03 PM

Henrik,

     Thanks for the responses you've provided today.  I asked which version you were using because I believe due to the complexity of your issues regarding the SR520-Ethernet,  you would be best served by reaching out to TAC if you haven't already, and open a case to get the answers you're looking for.  The TAC support engineers would be your best resource on the phone to help you out on these issues.

Best Regards,

Glenn

0 Helpful

Glenn Quesenberry
Cisco Employee
Cisco Employee
In response to Henrik Meyer

‎10-08-2009 08:06 AM

Henrik,

     From your response then, I assume you are not using CCA to configure the SR520?  With that said you'll have to configure Access List to allow the FTP and ICMP traffic.  A good reference for that can be found by clicking here.  As far as SSH is concerned, instructions to configure that can be found by clicking here.  Keep in mind however, that making configuration changes with CCA MAY impact changes you've made with CLI and vice-versa, but it sounds like you would rather stick to CLI.  BTW, SSH should be configured for you with CCA by default I believe, but the CLI instructions are here for your reference.

Let me know if this helps!

Best Regards,

Glenn

0 Helpful

Henrik Meyer
Level 1
Level 1
In response to Glenn Quesenberry

‎10-08-2009 09:27 AM

Hi Glenn,

Thanks again for a quick reply.

But sorry.. The links you have provided, is how you do "normal/old" ssh, access-list and so on.

SR520 uses Zone Based Firewall - and that is where my lack of knowledge starts.. I can do it the old way with blindfolds on.

I can use CCA to configure the DMZ/FTP thing and other basic things, so the Zone Based Firewall will work, but do I want to configure SSH or FTP/Inside, then the CCA can not do the trick and I have to use CLI - and I do not know how to make changes in the Zone Based Firewall configuration.

I Hope I do make my self clear :)

Regards

Henrik

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents