Cisco Support Community

Configuring a pix to use port 2000 for FTP

I am trying to configure a PIX to use port 2000 for FTP. How can this be done? This is a 515E with 7.0.

thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Configuring a pix to use port 2000 for FTP

Port 2000 is Skinny, and you won't get ftp through it unless you disable skinny inspection on the fw.

no inspect skinny
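A way to catch this collision before deployment, as an added example that is not part of the original thread: the Python script below scans a PIX-style configuration for a custom class-map port that a different default inspection engine already claims. The sample configuration is constructed (it assumes `inspect skinny` sits under the `inspection_default` class in the output the poster omitted), and the port table is a partial list of default TCP inspection ports.

```python
import re

# Partial table of default TCP inspection ports (engine -> port); extend as needed.
DEFAULT_TCP_PORTS = {"ftp": 21, "rtsp": 554, "sqlnet": 1521, "skinny": 2000, "sip": 5060}

# Constructed sample: the thread's ftp-class plus an assumed default inspection class.
SAMPLE = """\
class-map inspection_default
 match default-inspection-traffic
class-map ftp-class
 match port tcp eq 2000
policy-map global-policy
 class inspection_default
  inspect ftp
  inspect skinny
 class ftp-class
  inspect ftp
service-policy global-policy global
"""

def inspection_conflicts(config):
    """Return (class, port, custom_engine, default_engine) for each collision."""
    class_ports = {}     # class-map name -> TCP port it matches
    class_inspects = {}  # policy class name -> set of enabled inspect engines
    cmap = pclass = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"class-map (\S+)", line):
            cmap, pclass = m.group(1), None
        elif m := re.match(r"match port tcp eq (\d+)$", line):
            if cmap:
                class_ports[cmap] = int(m.group(1))
        elif m := re.match(r"class (\S+)", line):
            pclass, cmap = m.group(1), None
            class_inspects.setdefault(pclass, set())
        elif m := re.match(r"(no )?inspect (\S+)", line):
            if pclass:
                engines = class_inspects[pclass]
                # "no inspect X" disables an engine, "inspect X" enables it
                (engines.discard if m.group(1) else engines.add)(m.group(2))
    defaults = class_inspects.get("inspection_default", set())
    found = []
    for name, port in class_ports.items():
        for engine in sorted(class_inspects.get(name, ())):
            for default in sorted(defaults):
                # Same port, different engine: the default inspection claims it
                if default != engine and DEFAULT_TCP_PORTS.get(default) == port:
                    found.append((name, port, engine, default))
    return found
```

Calling `inspection_conflicts(SAMPLE)` reports `ftp-class` on port 2000 colliding with `skinny`; the list is empty once `inspect skinny` is removed or negated.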

5 REPLIES

Re: Configuring a pix to use port 2000 for FTP

Are you hosting the FTP server on the inside or DMZ? Is it listening on port 2000 or the default 21?


Re: Configuring a pix to use port 2000 for FTP

The FTP server is on the DMZ and the clients are on the Inside. Other hosts within the DMZ are able to access the FTP server using port 2000. The Inside interface has a higher security level than the DMZ, so Inside hosts should be able to access the DMZ without an access list. The FTP server is listening on port 2000; my config so far is:

class-map ftp-class
 match port tcp eq 2000
policy-map global-policy
 !output omitted
 class ftp-class
  inspect ftp
service-policy global-policy global

thanks

Re: Configuring a pix to use port 2000 for FTP

Do you have an access list on the inside or DMZ interface that would block port 2000? Do other communications work between the 'inside' and the 'dmz'?


Re: Configuring a pix to use port 2000 for FTP

If you have no communication between the inside and dmz, you probably need something like...

static (inside,dmz)
