New Member

Allowing Passive FTP connections on the ASA5540

I am attempting to establish an FTP connection with an outside vendor FTP server in order to download software patches. The vendor's FTP server switches to Passive FTP mode which means my client has to reconnect to the server using high ports for both the source and destination. The only way that I have found to get the connection to work is to configure an ACE on my Inside interface ACL that allows an "any to any" connection using tcp ports >1023. To me, this causes a conflict with my security policies as any other connection, to a potentially malicious server, can be created.

What is the recommended way to get Passive FTP to work without compromising security? I have FTP mode passive enabled on the ASA and also have FTP Passive enabled within my browser.

Thanks,

Keith

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Allowing Passive FTP connections on the ASA5540

"fixup protocol ftp 21".

That will fix your problem without compromising security.

Easy right?
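
What FTP inspection does conceptually for the passive-mode case in this thread, as an added Python sketch (not Cisco's code and not part of the original posts): it reads the server's passive-mode reply on the control channel and permits only the one data connection that reply announces, instead of any-to-any TCP above 1023. The function names, the same-host check, the port floor of 1024 and the addresses are assumptions made for this illustration.

```python
import ipaddress
import re

# 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)   (RFC 959)
PASV_RE = re.compile(
    r"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# 229 Entering Extended Passive Mode (|||port|)   (RFC 2428)
EPSV_RE = re.compile(r"^229 [^(]*\(\|\|\|(\d{1,5})\|\)")


def pinhole_for_reply(client_ip, server_ip, reply):
    """Return (client_ip, server_ip, data_port) for a passive-mode reply,
    or None when the reply must not open a data channel."""
    line = reply.strip()
    m = PASV_RE.match(line)
    if m:
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return None
        host = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
        # Assumption of this sketch: the data channel must go to the same
        # host as the control channel, never to a third address.
        if host != ipaddress.ip_address(server_ip):
            return None
        port = nums[4] * 256 + nums[5]      # port is sent as two bytes
    else:
        m = EPSV_RE.match(line)
        if not m:
            return None                     # not a passive-mode reply
        port = int(m.group(1))
    # Assumption: only unprivileged ports are valid for a data channel.
    if not 1024 <= port <= 65535:
        return None
    return (client_ip, server_ip, port)


def permitted(pinholes, client_ip, dst_ip, dst_port):
    """True only for a connection that a control-channel reply announced."""
    return (client_ip, dst_ip, dst_port) in pinholes


if __name__ == "__main__":
    # Constructed sample: inside client, vendor server (documentation range).
    client, server = "10.1.1.20", "203.0.113.5"
    hole = pinhole_for_reply(client, server,
                             "227 Entering Passive Mode (203,0,113,5,195,80)")
    print("pinhole:", hole)
    print("announced data port:", permitted({hole}, client, server, 50000))
    # The any-to-any >1023 ACE would pass this one; the pinhole does not.
    print("other host, high port:", permitted({hole}, client, "198.51.100.7", 50000))
```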

New Member

Re: Allowing Passive FTP connections on the ASA5540

Yes, this was easy and resolved my problem. I really appreciate the assistance.

Thanks,

Keith
