New Member

FTP in site to site tunnel

I have a tunnel set up between two PIX firewalls that allows all traffic to pass. I want to allow only FTP traffic, but when I add the appropriate line to my access list it breaks the connection. Any ideas?

2 REPLIES
Silver

Re: FTP in site to site tunnel

Have you tried removing the "sysopt connection permit-ipsec" command and using only ACLs to permit traffic? It works sometimes.

Gold

Re: FTP in site to site tunnel

By disabling the command 'sysopt connection permit-ipsec', all the VPN traffic will be examined on the outside interface of the PIX; thus you will need to configure an inbound access list.

access-list xxx permit tcp <remote_lan> <remote_mask> <local_lan> <local_mask> eq 20
access-list xxx permit tcp <remote_lan> <remote_mask> <local_lan> <local_mask> eq 21
access-group xxx in interface outside

(<remote_lan>/<remote_mask> and <local_lan>/<local_mask> are placeholders for the two LAN subnets; xxx is the access-list name.)

One thing to note is that you would also need access-list entries for remote-access VPN and any other LAN-to-LAN VPNs terminating on this PIX.

Hope this helps.

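The approach from the second reply written out as a complete PIX 6.x configuration fragment. This is an added example, not configuration from the thread; the access-list names, the subnets 10.1.1.0/24 (local) and 10.2.2.0/24 (remote), and the crypto map details are assumptions chosen for illustration.

```text
! Added example (not from the original thread). Assumed addressing:
!   local LAN  10.1.1.0/24 behind the inside interface
!   remote LAN 10.2.2.0/24 behind the peer PIX
! The crypto ACL still matches all traffic between the two LANs, so the
! tunnel itself is unchanged; only what is allowed to cross it is narrowed.
access-list L2L_CRYPTO permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list L2L_CRYPTO

! Remove the implicit bypass so decrypted traffic is checked against the
! outside interface's inbound access list like any other inbound packet.
no sysopt connection permit-ipsec

! FTP inspection (on by default) watches the control channel and opens the
! data connection dynamically, for both active and passive mode, so only
! port 21 has to be listed here.
fixup protocol ftp 21

! Inbound from the remote LAN: FTP control channel to the local LAN only.
! Any other remote-access or LAN-to-LAN VPN traffic arriving on outside now
! also needs its own permit lines in this same access list.
access-list OUTSIDE_IN permit tcp 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0 eq 21
access-group OUTSIDE_IN in interface outside
```

Connections initiated from the local LAN toward the remote LAN are unaffected by this change: they leave through the higher-security inside interface and their return traffic is matched by the PIX's state table, so OUTSIDE_IN only constrains what the remote side can initiate. After applying it, verify with `show crypto ipsec sa` that the tunnel still passes packets, then check the hit counts with `show access-list OUTSIDE_IN` while an FTP transfer runs; if the control connection succeeds but directory listings or transfers hang, confirm `fixup protocol ftp 21` is present rather than adding a blanket permit for port 20.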