New Member

ftp connected doesn't limit incoming connections

I have access lists set up for the serial side (group 100) and network side (group 101). The serial side group 100 access list uses the following:

access-list 100 permit tcp any eq ftp any connected

but this doesn't seem to prevent ftp logins on the web server (as intended), which is on the network side, from the internet, which is on the serial side.

The serial side is:

interface Serial1/0
 no ip address
 ip access-group 100 out
 shutdown
 no fair-queue

This is on a Cisco 1751 router with 12.0 software.

Why doesn't it prevent incoming ftp connections?

1 REPLY
New Member

Re: ftp connected doesn't limit incoming connections

It would be more typical to have an "incoming" access list on your serial. Do something like:

access-list 100 permit tcp any any connected

Also remember you have ftp and ftp-data to deal with. FTP is a very strange protocol in the way it handles circuit setup. The client connects to the server, and then the server connects to the client.
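
An added example, not part of either post: the outbound placement from the question next to an inbound list on the serial side, including the ftp-data connection the reply describes. It uses the IOS `established` keyword; the server address 192.0.2.10 and the decision to allow HTTP to it are assumptions made for illustration.

```cisco
! Constructed example: 192.0.2.10 stands in for the web server on the
! network side. Serial1/0 faces the internet, as in the question.
!
! As posted, ACL 100 is applied "out" on Serial1/0, so it only tests packets
! leaving toward the internet. A SYN arriving from the internet for TCP/21
! is never compared against it:
!
!   interface Serial1/0
!    ip access-group 100 out
!
! Inbound form: filter what arrives on the serial side.
no access-list 100
! Return traffic for sessions opened from the network side (ACK or RST set).
access-list 100 permit tcp any any established
! The one service the internet may open: HTTP to the web server (assumption).
access-list 100 permit tcp any host 192.0.2.10 eq www
! Active-mode FTP for inside clients: the remote server opens the data
! connection from port 20 to a high port on the client. The source port is
! chosen by the sender, so this line trusts anything sourced from port 20;
! leave it out if inside clients use passive mode.
access-list 100 permit tcp any eq ftp-data any gt 1023
! New inbound FTP control connections are denied and logged. The implicit
! deny at the end of the list drops everything else.
access-list 100 deny tcp any any eq ftp log
!
interface Serial1/0
 no ip access-group 100 out
 ip access-group 100 in
```

`show access-lists 100` prints a match counter per line, which confirms whether inbound FTP attempts are hitting the deny entry.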
