local ip ftp access

Unanswered Question
Mar 30th, 2004

I want to set up a local client to have the only ip address with ftp access.


Do I have to create a static ip for the local ip address with a conduit to the foreign host ip?

Does fixup protocol 21 have to be enabled? My goal is to have only one local ip have access to ftp.


Thanks in advance.


gfullage Tue, 03/30/2004 - 15:53
User Badges: Cisco Employee

Just create an access-list on your inside interface that only allows that one internal PC to FTP outbound. The PIX will use the standard nat/global (or whatever you have) as normal for this host, nothing needs to change there. Leave the fixup enabled also.


Do something like the following:


access-list outbound permit tcp host any eq ftp

access-list outbound permit tcp host any eq ftp-data

access-list outbound deny tcp any any eq ftp

access-list outbound deny tcp any any eq ftp-data

access-list outbound permit ip any any


access-group outbound in interface inside
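
Added example, not part of the original reply: a small Python model of how the PIX evaluates this access-list top-down with the first matching entry winning, showing why the host permits have to sit above the general FTP denies. The address 192.0.2.10 is a constructed stand-in for the one inside PC, and the parser handles only the syntax used in this thread.

```python
import ipaddress

# Constructed value: 192.0.2.10 stands in for the one inside PC allowed to FTP.
ALLOWED_PC = "192.0.2.10"
PORTS = {"ftp": 21, "ftp-data": 20}

ACL = f"""
access-list outbound permit tcp host {ALLOWED_PC} any eq ftp
access-list outbound permit tcp host {ALLOWED_PC} any eq ftp-data
access-list outbound deny tcp any any eq ftp
access-list outbound deny tcp any any eq ftp-data
access-list outbound permit ip any any
"""

def parse(acl_text):
    """Parse the subset of PIX ACL syntax used in this thread into rule tuples."""
    rules = []
    for line in acl_text.strip().splitlines():
        tok = line.split()[2:]            # drop "access-list <name>"
        action, proto = tok[0], tok[1]
        tok = tok[2:]
        if tok[0] == "host":              # "host A.B.C.D" = single source address
            src, tok = ipaddress.ip_address(tok[1]), tok[2:]
        else:                             # "any"
            src, tok = None, tok[1:]
        tok = tok[1:]                     # destination is always "any" here
        port = PORTS[tok[1]] if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, port))
    return rules

def evaluate(rules, proto, src_ip, dst_port):
    """Return the action of the first matching rule; unmatched traffic is denied."""
    src_ip = ipaddress.ip_address(src_ip)
    for action, r_proto, r_src, r_port in rules:
        if r_proto not in ("ip", proto):
            continue
        if r_src is not None and r_src != src_ip:
            continue
        if r_port is not None and r_port != dst_port:
            continue
        return action
    return "deny"                         # implicit deny at the end of every ACL

RULES = parse(ACL)
# Same entries with the two denies moved to the top: the denies now match first.
DENY_FIRST = RULES[2:4] + RULES[0:2] + RULES[4:]

if __name__ == "__main__":
    for src, port in [(ALLOWED_PC, 21), ("192.0.2.11", 21), ("192.0.2.11", 80)]:
        print(src, port, evaluate(RULES, "tcp", src, port),
              evaluate(DENY_FIRST, "tcp", src, port))
```
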

acira Wed, 03/31/2004 - 08:39

That did the trick.


I just created the outbound deny and then followed up with the outbound permits.


You've been a big help.


Thanks again.
