Cisco Support Community
Disable 'Inspect FTP' for one flow

Hi everybody,

I have the global service policy enabled on my internet ASA5510:

class-map global-class
 match default-inspection-traffic

policy-map global-policy
 class global-class
  inspect ftp
  inspect http
  inspect bla bla..


I just wanna disable the inspect FTP for one connection between two IP addresses. I configured a new service policy for that connection where there is no inspect FTP allowed. Is that correct?

Thanks.

4 REPLIES
Cisco Employee

Re: Disable 'Inspect FTP' for one flow

Hi,

What you can do is remove the inspect ftp that you have configured already. Then create an access-list denying the traffic you do not want to be inspected, with "permit ip any any" following that. Specify this class-map under the global_policy and put an "inspect ftp" over there. Let me know if this works!

Thanks and Regards,

Prapanch

Cisco Employee

Re: Disable 'Inspect FTP' for one flow

To put Prapanch's suggestion into CLI commands:

---

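! Exempt the one flow from FTP inspection; the two host addresses are placeholders
access-list ftp-acl deny tcp host <source-ip> host <destination-ip> eq 21
! All other FTP control traffic is still inspected
access-list ftp-acl permit tcp any any eq 21

class-map ftp-cm
 match access-list ftp-acl

policy-map global-policy
 class ftp-cm
  inspect ftp
 class global-class
  inspect http
  inspect bla bla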

---
I hope it helps.
PK
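A simplified model of how the ftp-acl above decides which flows still get FTP inspection, added here as an example and not part of either reply. It assumes first-match ACL evaluation with an implicit deny, and that a flow hitting a deny entry simply does not match class ftp-cm; the addresses are constructed from documentation ranges.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addresses (documentation ranges), not from the thread.
CLIENT, SERVER = "192.0.2.10", "198.51.100.20"

# ftp-acl from the reply: (action, source net, destination net, destination port)
FTP_ACL = [
    ("deny",   f"{CLIENT}/32", f"{SERVER}/32", 21),
    ("permit", "0.0.0.0/0",    "0.0.0.0/0",    21),
]

def acl_action(acl, src, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, src_net, dst_net, port in acl:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and dport == port):
            return action
    return "deny"

def ftp_inspected(src, dst, dport):
    """Model of the proposed global-policy: class ftp-cm carries inspect ftp and
    class global-class no longer does, so only an ACL permit leads to inspection."""
    return acl_action(FTP_ACL, src, dst, dport) == "permit"

if __name__ == "__main__":
    flows = [
        (CLIENT, SERVER, 21),         # the exempted flow
        (SERVER, CLIENT, 21),         # same pair, opposite direction
        ("203.0.113.5", SERVER, 21),  # any other FTP client
        (CLIENT, SERVER, 80),         # not FTP control traffic
    ]
    for flow in flows:
        print(flow, "inspect ftp" if ftp_inspected(*flow) else "no ftp inspection")
```

The second flow shows that the deny entry is directional: it only exempts control connections opened from the first host to the second, so the source must be the side that initiates the FTP session.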

Re: Disable 'Inspect FTP' for one flow

Thanks guys. Appreciated.

I'm gonna test it by the next mid-week.

cheers

Cisco Employee

Re: Disable 'Inspect FTP' for one flow

After you do, feel free to come back and rate the thread for others' future benefit.

PK
