Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

SFTP on CSS

Hi,

I have a doubt about the SFTP configuration on CSS. If I would like to configure the CSS in transparent mode regarding to SFTP protocol. I mean, without configuring ssl offload on CSS.

Moreover, is there a specific port that I have to configure for SFTP?

I hope I explained well. If not, I'm available for any question.

Thank you very much.

Best regards.

Giuseppe

1 ACCEPTED SOLUTION

Accepted Solutions

Re: SFTP on CSS

You cannot offload SFTP on CSS but Loadbalancing SFTP as LAyer 4 traffic should be fine.

SFTP is nothing but SSH (it doesnt use seperate control & data channels like FTP or FTPS)

SFTP works on port 22, so you need to configure a specific content rule on port 22 for the

SFTP traffic, and as I said earlier since SFTP traffic comes encrypted, the content

rule should be layer 4.

For example:

content sftp

protocol tcp

port 22

vip address 192.168.1.1

add service sftpserv1

add service sftpserv2

active

HTH

Syed Iftekhar Ahmed

3 REPLIES

Re: SFTP on CSS

You cannot offload SFTP on CSS but Loadbalancing SFTP as LAyer 4 traffic should be fine.

SFTP is nothing but SSH (it doesnt use seperate control & data channels like FTP or FTPS)

SFTP works on port 22, so you need to configure a specific content rule on port 22 for the

SFTP traffic, and as I said earlier since SFTP traffic comes encrypted, the content

rule should be layer 4.

For example:

content sftp

protocol tcp

port 22

vip address 192.168.1.1

add service sftpserv1

add service sftpserv2

active

HTH

Syed Iftekhar Ahmed

Community Member

Re: SFTP on CSS

Hi Syed,

Thank you very much for your help. I have only a question. When I configure the content rule for this service can I use the command "application-control ftp"?

I'd appreciate your answer.

Best regards.

Giuseppe.

Re: SFTP on CSS

You don't need to.

This command is use for FTP only. FTP uses two separate channels and this command ensures that CSS can read the server response and make apprpriate holes in CSS for data traffic. Its similar to inspect ftp in Firewall.

Syed Iftekhar Ahmed

334
Views
0
Helpful
3
Replies
CreatePlease to create content