Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

FTP not working when ACL is applied on outside interface

Hi Everyone,

I am trying to FTP  from the PC  behind the DMZ  interface.

I have config the ACL to allow FTP from outside interface direction is outside.

I can make the FTP work by config of ACL on the DMZ interface but i want to test it so that it can work from my PC behind DMZ interface when i apply ACL on the  outside interface direction is out.

I have attached the asa config.

Need to know if there is any way under current config that FTP can work without applying ACL to DMZ interface?

2 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Purple

Re: FTP not working when ACL is applied on outside interface

I can't look at your config at the moment (doesn't work on the iPad), but one alternative to an ACL on the DMZ interface could be to use a global ACL.


Sent from Cisco Technical Support iPad App


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
VIP Purple

FTP not working when ACL is applied on outside interface

Apply that acl in incoming direction on outside interface.

no, the ASA is a statefull Firewall with FTP-Inspection. You never need an incoming ACL in the outside interface for outbound FTP when you have a proper config.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
4 REPLIES
VIP Purple

Re: FTP not working when ACL is applied on outside interface

I can't look at your config at the moment (doesn't work on the iPad), but one alternative to an ACL on the DMZ interface could be to use a global ACL.


Sent from Cisco Technical Support iPad App


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

FTP not working when ACL is applied on outside interface

Hi Mahesh,

Apply that acl in incoming direction on outside interface.

Cheers

Pankaj

VIP Purple

FTP not working when ACL is applied on outside interface

Apply that acl in incoming direction on outside interface.

no, the ASA is a statefull Firewall with FTP-Inspection. You never need an incoming ACL in the outside interface for outbound FTP when you have a proper config.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

FTP not working when ACL is applied on outside interface

Hi Karsten,

Your answers are good to read and they  have so much knowledge.

For time being i allowed ftp to any destination from DMZ  but on outbound interface direction out  i have restricted it with

certain IP  which are allowed.

Best regards

Mahesh

193
Views
0
Helpful
4
Replies
CreatePlease login to create content