Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
247
Views
0
Helpful
2
Replies

FTP in site to site tunnel

rodney.adams
Level 1
Level 1

‎02-10-2004 07:55 AM - edited ‎03-09-2019 06:22 AM

I have a tunnel set up between two pix that allows all traffic to pass. I want to only allow ftp traffic but when I add the appropriate line in my access list it breaks the connection. Any ideas?

Labels:
0 Helpful
2 Replies 2

owillins
Level 6
Level 6

‎02-16-2004 09:34 AM

Have you tried removing the the "sysopt connection permit-ipsec" command, and using only ACLs to permit traffic. It works sometimes.

0 Helpful

jackko
Level 7
Level 7
In response to owillins

‎02-16-2004 04:54 PM

by disabling the command 'sysopt connection permit-ipsec', all the vpn traffic will be examined on the outside interface of the pix. thus you will need to configure inbound access list.

access-l xxx permit tcp eq 20

access-l xxx permit tcp eq 21

access-g in inter outside

one thing should be noticed is that you would also need access list for remote vpn and other lan-to-lan vpn.

hope this helps

0 Helpful
Customers Also Viewed These Support Documents