ftp passive mode

mekael.itzik
Level 1

ASA 5505 Version 8.2(1)

Hi,

I have one PC that has to connect to a public FTP in passive mode.

But if I understand right, in passive mode the PC connects to a random data port of the server.

What do I have to specify in the configuration of the ASA 5505: open all ports of the specified FTP address for the PC, or give the range of data ports that the server assigns randomly?

Accepted Solutions

Patrick0711
Level 3

Enable the FTP inspection in the global policy-map. This will dynamically open the PASV port ranges and will NAT the PASV IP to its public counterpart if necessary.

With this configuration, you will only need to open port 21 inbound for each host that is to connect via FTP.

policy-map global_policy
 class inspection_default
  inspect ftp

This link explains the fixup protocol:

http://www.ciscopress.com/articles/article.asp?p=24685


2 Replies

Thank you, it works!
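
What the FTP inspection from the accepted answer does on the control channel, as a simplified Python model added here (not Cisco's implementation and not code from the thread): it parses the server's 227/229 reply, derives the data port, rewrites the embedded address for NAT, and returns the single temporary pinhole. Function names and all addresses are constructed for illustration.

```python
import re

# 227 (RFC 959): h1,h2,h3,h4 = IPv4 address, p1,p2 = high and low port bytes.
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# 229 (RFC 2428): port only; the address is that of the control connection.
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")


def data_endpoint(reply, control_server_ip):
    """Return the (ip, port) the client will open for data, or None."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed octet: open nothing
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m and 0 < int(m.group(1)) <= 65535:
        return control_server_ip, int(m.group(1))
    return None


def inspect_reply(reply, client_ip, server_real_ip, server_public_ip):
    """Model one inspection step: return (reply_to_forward, pinhole_or_None)."""
    endpoint = data_endpoint(reply, server_real_ip)
    if endpoint is None:
        return reply, None
    ip, port = endpoint
    if ip != server_real_ip:
        # Assumption of this model: an address that is not the control-channel
        # peer gets no pinhole, so a reply cannot point the client elsewhere.
        return reply, None
    if reply.startswith("227") and server_public_ip != server_real_ip:
        # NAT fixup: rebuild the payload with the public address, same port bytes.
        reply = "227 Entering Passive Mode (%s,%d,%d)" % (
            server_public_ip.replace(".", ","), port >> 8, port & 0xFF)
    # Temporary permit for exactly one destination port, instead of a static range.
    return reply, {"src": client_ip, "dst": server_public_ip, "dport": port, "proto": "tcp"}


if __name__ == "__main__":
    # Constructed control-channel replies and documentation-range addresses.
    for line in ("227 Entering Passive Mode (10,0,0,5,195,80)",
                 "229 Entering Extended Passive Mode (|||50001|)",
                 "227 Entering Passive Mode (10,0,0,99,195,80)"):
        print(inspect_reply(line, "198.51.100.7", "10.0.0.5", "203.0.113.10"))
```

The pinhole covers one client, one server address and one port, which is why only the control port needs a static rule.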
