Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

how to redirect a ftp request..


I have a 1721 router with tcp21 port open for incoming ftp requests.

This router is connected to headquarters using a vpn aes256 connection and then at headquarters is the ftp server.

How do i have to configure my router to redirect requests made to my router to the ftp server using the vpn connection?

Best regards

Cisco Employee

Re: how to redirect a ftp request..

Is the ftp server a public ip or private ip address ?

Requests coming from internet must be estined for public ip, so I assume the ftp server has a public ip and is located on the far end of the tunnel.

Try using policy based routing.

You need to configure the crypto acl on the tunnel as :

access-list 101 permit ip any host

Create an ACl for PBR :

access-list 102 permit tcp any eq 20

access-list 102 permit tcp any eq 21

Create a loopback intf:

int loopback 1

ip address


Create a route-map for PBR :

route-map pol permit 10

match ip address 102

set ip next-hop


Apply the route-map to the Outside Interface of the router:

int fasteth0/0

ip policy route-map pol


ip route

So, this way, any request for the ftp server ip address, will be frst checked against the policy , and will be routed to loopback, and then back to outside interfae, without natting.

It will be then encrypted and will be sent aross the tunnel.

*Please rate if this helped.


New Member

Re: how to redirect a ftp request..


Now we are working only with one public ip,, but I?ve to implement a second ip address to an another router.

These routers are connected by vpn line, first is and the second one(ftp2)has

The second router has no nats configured..only it?d have 21 for ftp2.

what would be the best configuration??

Cisco Employee

Re: how to redirect a ftp request..

Adding to Kanishka's suggestion, the crypto ACL for the tunnel should include the following rule :

access-list permit tcp any eq 21

and its reflection on the other end.


Please rate if it helps,



New Member

Re: how to redirect a ftp request..


I've attached my routers configuration.There is a new nat entry because there was not any thing abut this.

Then what more have I to include?

best regards

New Member

Re: how to redirect a ftp request..


Any answer here about my problem??

Best regards