Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

edw
New Member

FTP on Non Standard Port - PIX 7 or higher

Hi,

I'm having problems trying to get FTP working on sites with ports not 21 ? I have 2 FTP sites on my DMZ - FTP 21 works fine but FTP to say 1400 seems to fail IE doesn't get there.... logs show connectiong through PIX not being denied but then says TCP FIN entry ??

Any ideas?

I have tried removeing the inspection engine ?

Thanks

Ed

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: FTP on Non Standard Port - PIX 7 or higher

Hi Ed

You need the inspection engine, and you will also need to create a new class map for it. Take a look at:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/inspect.html#wp1383679

...which goes into some detail on allowing ftp on port 1056.

HTH

Regards

Kev

3 REPLIES
New Member

Re: FTP on Non Standard Port - PIX 7 or higher

Hi Ed

You need the inspection engine, and you will also need to create a new class map for it. Take a look at:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/inspect.html#wp1383679

...which goes into some detail on allowing ftp on port 1056.

HTH

Regards

Kev

edw
New Member

Re: FTP on Non Standard Port - PIX 7 or higher

Hi,

Thanks for point in the right direction.

Ed

edw
New Member

Re: FTP on Non Standard Port - PIX 7 or higher

Hi,

Unfortantly I'm having problems. I understand the consept however when I try to put it into practise it fails.

So I have specified the access-list for it and assigned it to the new class. I have added this class to the policy global_default

Nothing has changed thou ???

Does anyone have example config with this theory in ?

Thanks

Ed

126
Views
0
Helpful
3
Replies