Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

FTP on a nonstandard port

Hi everybody,

We have a Windows 2003 server running two FTP servers: one on port 21 for local IP phones and one on port 12345 for external access. I am interested in setting up the second server.

I test FTP on port 12345 on LAN and everything is fine. However I can not access it from the outside. We have a Cisco 877 ADSL router. I have mapped the port over with:

ip nat inside source static tcp 12345 interface dialer0 12345

And put this ACL on the dialer0 interface:

access-list 101 permit tcp any host eq 12345

When I use SmartFTP Client to open, it always says Connection refused by host. I also have:

ip inspect name MYFIREWALL ftp

Do I miss anything? I think the ip inspect command may only apply to the standard FTP port (i.e. 21) and it doesn't inspect FTP on my 12345 port. How can I define an FTP inspect on a nonstandard port?

Thank you for your help.



Re: FTP on a nonstandard port

the command you're looking for is "ip port-map"...

in your case:

ip port-map ftp 12345

I don't know if this will fix your problem, but there ya go.

New Member

Re: FTP on a nonstandard port

Thank you for the reply. I thought this could fix the problem and I just tried that command but it didn't.

Do you think of any other causes?

New Member

Re: FTP on a nonstandard port

Your other problem is that access list 101 is incorrect. You have applied it to the outside interface, so the addresses used must be the global addresses. You have used the local address ( the FTP server. The access list is evaluated before the NAT.


New Member

Re: FTP on a nonstandard port

Sorry I tried this, still not working. Has anyone have this issue before?

CreatePlease login to create content