Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

FTP server behind a IOS firewall

I need to install a FTP server behind an existing IOS firewall.

The FTP server must allow PASV operation, and has a static NAT address to the outside interface.

Can anyone advise the port numbers that I have to allow in the access lists to allow clients to connect from outside in passive mode??

Thanks in advance for your assistance

5 REPLIES
New Member

Re: FTP server behind a IOS firewall

On the outside interface you have to allow TCP port 21. With 'fixup protocol ftp 21' enabled, the PIX will ensure that the correct data channels are opened.

New Member

Re: FTP server behind a IOS firewall

This is true, but I have an IOS firewall - not a PIX.

The 'fixup protocol' command is not recognised - do you know if there is an equivalent command for IOS firewall ?

New Member

Re: FTP server behind a IOS firewall

Also if using a non standard port (ie: 351 vice 21) is there a specific data port/channel that must be associated in order for ftp to properly operate or can that data port/channel be assigned as well when dealing with an IOS firewall?

New Member

Re: FTP server behind a IOS firewall

You're right. For the IOS firewall (CBAC) you need the 'ip inspect name 'name' ftp' command. This will do the same as the PIX 'fixup protocol' command.

New Member

Re: FTP server behind a IOS firewall

Created a 'ip inspect name' listing and applied it to the external interface.

Worked like a charm.

Thanks for your help.

225
Views
0
Helpful
5
Replies