10-23-2009 06:47 PM - edited 03-11-2019 09:31 AM
ASA 5505 Version 8.2(1)
Hi,
I have one PC that has to connect to a public FTP server in passive mode.
But if I understand right, in passive mode the PC connects
to a random data port of the server.
What do I have to specify in the configuration of the ASA 5505:
open all ports of the specified FTP address for the PC,
or give the range of data ports that the server assigns randomly?
10-23-2009 07:54 PM
Enable the FTP inspection in the global policy-map. This will dynamically open the PASV port ranges and will NAT the PASV IP to its public counterpart if necessary.
With this configuration, you will only need to open port 21 inbound for each host that is to connect via FTP.
policy-map global_policy
 class inspection_default
  inspect ftp
This link explains the fixup protocol
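What the answer describes (reading the passive-mode reply on the control channel, opening only the announced data port, and rewriting the announced address when NAT applies), as an added example that is not part of the original post and not Cisco's implementation. It is a simplified model that also covers the EPSV (229) reply; the function name, the same-host policy check and all addresses are assumptions or constructed samples.

```python
import re
from typing import NamedTuple, Optional, Tuple

# 227 reply (PASV): h1,h2,h3,h4,p1,p2   229 reply (EPSV): |||port|
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")

class Pinhole(NamedTuple):
    client: str   # host allowed to open the data connection
    server: str   # real address of the FTP server
    port: int     # data port the server announced

def inspect_reply(line: str, client: str, server: str,
                  nat: Optional[dict] = None) -> Tuple[str, Optional[Pinhole]]:
    """Model of FTP inspection on one server reply from the control channel.

    Returns the reply to forward (address rewritten if `nat` maps it) and the
    temporary pinhole to open, or (line, None) when nothing should be opened.
    """
    nat = nat or {}
    m = PASV_RE.match(line)
    if m:
        nums = [int(g) for g in m.groups()]
        if max(nums) > 255:
            return line, None                      # malformed tuple
        addr = ".".join(str(n) for n in nums[:4])
        port = nums[4] * 256 + nums[5]             # port = p1*256 + p2
        if addr != server or port == 0:
            # Policy choice of this model: never open a pinhole toward a host
            # other than the one the control connection is talking to.
            return line, None
        mapped = nat.get(addr, addr).replace(".", ",")
        rewritten = f"{line[:m.start(1)]}{mapped},{nums[4]},{nums[5]}{line[m.end(6):]}"
        return rewritten, Pinhole(client, server, port)
    m = EPSV_RE.match(line)
    if m and 0 < int(m.group(1)) <= 65535:
        return line, Pinhole(client, server, int(m.group(1)))  # EPSV carries no address
    return line, None

if __name__ == "__main__":
    # Constructed sample replies (documentation address ranges).
    for reply in ("227 Entering Passive Mode (203,0,113,10,195,80)",
                  "229 Entering Extended Passive Mode (|||50001|)",
                  "226 Transfer complete"):
        print(inspect_reply(reply, "192.168.1.20", "203.0.113.10"))
```

The pinhole is a single client/server/port tuple, which is why no static range of data ports has to be permitted in the access list.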
10-24-2009 05:59 AM
Thank you, it works!