Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

FTP fixup in reverse?

What are the configuration requirements to allow access to an inside FTP server from the outside? Does this work for passive mode?

FTP fixup handles the related connections and fixups for inside clients going to outside servers, but does it do the same for an inside server once the command path (tcp/21) connections is allowed outside-to-inside?

Active mode seems to work (inside source port 20 to outside ephemeral port) by default, but does passive mode?

1 REPLY
Bronze

Re: FTP fixup in reverse?

To allow access to an inside FTP server from outside, you would need the following:

static translation for the IP address of the FTP server.

access-list to permit traffic from outside to inside for the port TCP/21for the FTP server

fixup protocol ftp command to ask PIX to allow the data ports that will be negociated during the connection setup.

required routing

In passive mode, both control and data channels are initiated by the FTP client.

218
Views
0
Helpful
1
Replies
CreatePlease login to create content