Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Simple internal FTP access in IOS ACLs

I can't get access to my internal windows ftp server every time I apply an access list to the outside.

When I take out the ACL, everyone from the internet can access the internal FTp server (which is what we want).

What is the access list (or access lists) I need in order to allow this?

my internal IP is 10.33.33.5 255.255.255.0

It is a cisco router 1841 running IOS

thanks in advanced

1 REPLY

Re: Simple internal FTP access in IOS ACLs

This would depend on the mode used by the clients (ACTIVE OR PASV)?

For ACTIVE FTP you need to allow both 20 and 21 as the destination ports going to the server. For PASV you need to allow a lot, have a look here (this link is just to see the difference between ACTIVE/PASV):

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807ee585.shtml

And this is the actual link for all configs:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml#activeftp

Regards

Farrukh

148
Views
0
Helpful
1
Replies
CreatePlease to create content