Cisco Support Community

Router Configuration - Permit FTP traffic

Hello,

I have 2 Cisco 2600 routers in 2 office locations connected by a private line.

The routers will pass FTP traffic only.

In each office will be a server connected to the router that will pass FTP traffic.

What access list can I create on the router that will allow FTP traffic only from the IP address of one specific host? What access list statement will be required to deny all traffic other than FTP?

Please advise.

Thank you

2 REPLIES

Re: Router Configuration - Permit FTP traffic

Hello,

Let us assume that the IP address of your FTP server is 192.168.1.1/24; your access list would look like this:

access-list 101 permit tcp host 192.168.1.1 any eq ftp

access-list 101 deny ip host 192.168.1.1 any

access-list 101 permit ip any any

The first line permits FTP traffic from your server to any destination. If you want the destination to be only the other FTP server, you can substitute the any keyword with the IP address of the other FTP server.

The second line denies all other traffic from the FTP server.

The third line allows all other traffic from other addresses.

Apply this access-list outbound to the interface to which the FTP server is connected, e.g.:

interface FastEthernet0

ip access-group 101 out

HTH,

Regards,

Georg


Re: Router Configuration - Permit FTP traffic

Since this isn't a PIX, you will also need to allow ftp-data and valid response traffic.

access-list 101 permit tcp host 192.168.1.1 host 192.168.2.1 eq ftp

access-list 101 permit tcp host 192.168.1.1 host 192.168.2.1 eq ftp-data

access-list 101 remark May need this line for valid response

access-list 101 permit tcp host 192.168.1.1 host 192.168.2.1 established

access-list 101 remark If the above doesn't work try this

access-list 101 permit tcp host 192.168.1.1 host 192.168.2.1 gt 1023

access-list 101 deny ip any any
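
Added example, not part of either reply: a small first-match evaluator for the ACL in the second reply, run over constructed packets, to show which entry each kind of traffic hits with and without the `gt 1023` line. The model is a simplifying assumption: it checks only protocol, addresses, TCP destination port and TCP flags, and the sample packets and function names are made up for illustration.

```python
# Added illustration: first-match evaluation of the second reply's ACL 101.
FTP, FTP_DATA = 21, 20                    # ports behind the IOS keywords ftp / ftp-data
A, B = "192.168.1.1", "192.168.2.1"       # hosts used in the reply

def tcp_ab(p):
    """True for TCP packets from host A to host B (common to every permit line)."""
    return p["proto"] == "tcp" and p["src"] == A and p["dst"] == B

def acl_101(include_gt_1023):
    """Ordered entries as (action, label, predicate); order matters."""
    acl = [
        ("permit", "eq ftp", lambda p: tcp_ab(p) and p["dport"] == FTP),
        ("permit", "eq ftp-data", lambda p: tcp_ab(p) and p["dport"] == FTP_DATA),
        # 'established' matches TCP segments that carry ACK or RST
        ("permit", "established",
         lambda p: tcp_ab(p) and bool({"ACK", "RST"} & p["flags"])),
    ]
    if include_gt_1023:
        acl.append(("permit", "gt 1023", lambda p: tcp_ab(p) and p["dport"] > 1023))
    acl.append(("deny", "deny ip any any", lambda p: True))
    return acl

def evaluate(acl, packet):
    """Return (action, label) of the first entry that matches the packet."""
    for action, label, match in acl:
        if match(packet):
            return action, label
    return "deny", "implicit deny"

def pkt(proto, src, dst, dport=0, flags=()):
    return {"proto": proto, "src": src, "dst": dst,
            "dport": dport, "flags": set(flags)}

# Constructed sample packets (not captured traffic)
SAMPLES = {
    "control SYN to port 21": pkt("tcp", A, B, 21, ["SYN"]),
    "reply segment on open session": pkt("tcp", A, B, 40001, ["ACK"]),
    "new data connection to high port": pkt("tcp", A, B, 40002, ["SYN"]),
    "HTTP SYN": pkt("tcp", A, B, 80, ["SYN"]),
    "DNS query": pkt("udp", A, B, 53),
    "other source host": pkt("tcp", "192.168.1.50", B, 21, ["SYN"]),
}

def verdicts(include_gt_1023):
    acl = acl_101(include_gt_1023)
    return {name: evaluate(acl, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for variant in (False, True):
        print("with gt 1023 line:", variant)
        for name, (action, label) in verdicts(variant).items():
            print(f"  {name:34} -> {action} ({label})")
```

In this model the `established` entry passes only segments of sessions that are already open, so a new data connection to a high port is permitted only once the `gt 1023` entry is present, and that entry then permits any TCP connection from the one host to the other on ports above 1023, not just FTP data.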
