ASA support of ftp AUTH command

ampowell
Level 1

What support does the ASA provide for the ftp auth command? Is it possible to write an access list to permit some users to bypass ftps encryption while others are forced to use encryption? I would like my server to enforce ftp with ssl/tls. However, there are two old legacy scanners that would not be able to use certificates. Can the firewall be of any use in determining who must use ftps? I don't see anything in the ASA documentation to think there would be any assistance, but I thought I would ask anyway.

2 Replies

sadbulali
Level 4

You can configure FTP authentication proxy in ASA. To enable FTP or Telnet authentication proxy, you must enable AAA services, configure the FTP or Telnet server, and enable authentication proxy. You can configure ACL under AAA configuration.

http://www.cisco.com/en/US/docs/ios/12_3/feature/guide/ftp_tel.html#wp1027188

I am looking for recognition of the ftp "auth ssl" or "auth tls" commands. I would like examples of using ftp strict inspection in combination with access lists to define who must use auth ssl and others who would be exempt. I would also appreciate comments discussing whether this approach would really work to restrict who must use ftp over ssl.
