10-04-2009 04:56 AM
Hi,
How do I open up for my inside FTP server (192.168.100.14) from the outside interface on my Cisco SR520?
regards
Henrik Meyer
10-07-2009 01:37 PM
Henrik,
You can use CCA and set it up in a DMZ under "Configure>Security>Firewall & DMZ". From there you can Add a DMZ service, you'll be asked for the IP address and server type (FTP is in the drop-down list).
Hope this Helps!
Glenn
10-07-2009 11:29 PM
Hi,
Thanks. :)
I found out, when I tried with the CCA.. (I'm a CLI kind a guy) - but the FTP is on the Inside, not the DMZ - and that the CCA does not support.
Another thing - how do I open up for SSH and ICMP reply on the outside interface?
best regards
Henrik
10-08-2009 07:40 AM
Which SR520 are you using? Are you using the newest T-1 version?
10-08-2009 10:33 AM
I'm located in Europe, so we use the Ethernet version.
/Henrik
10-08-2009 03:03 PM
Henrik,
Thanks for the responses you've provided today. I asked which version you were using because I believe due to the complexity of your issues regarding the SR520-Ethernet, you would be best served by reaching out to TAC if you haven't already, and open a case to get the answers you're looking for. The TAC support engineers would be your best resource on the phone to help you out on these issues.
Best Regards,
Glenn
10-08-2009 08:06 AM
Henrik,
From your response then, I assume you are not using CCA to configure the SR520? With that said you'll have to configure Access List to allow the FTP and ICMP traffic. A good reference for that can be found by clicking here. As far as SSH is concerned, instructions to configure that can be found by clicking here. Keep in mind however, that making configuration changes with CCA MAY impact changes you've made with CLI and vice-versa, but it sounds like you would rather stick to CLI. BTW, SSH should be configured for you with CCA by default I believe, but the CLI instructions are here for your reference.
Let me know if this helps!
Best Regards,
Glenn
10-08-2009 09:27 AM
Hi Glenn,
Thanks again for a quick reply.
But sorry.. The links you have provided, is how you do "normal/old" ssh, access-list and so on.
SR520 uses Zone Based Firewall - and that is where my lack of knowledge starts.. I can do it the old way with blindfolds on.
I can use CCA to configure the DMZ/FTP thing and other basic things, so the Zone Based Firewall will work, but do I want to configure SSH or FTP/Inside, then the CCA can not do the trick and I have to use CLI - and I do not know how to make changes in the Zone Based Firewall configuration.
I Hope I do make my self clear :)
Regards
Henrik
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: