Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

how to redirect a ftp request..

Hi,

I have a 1721 router with tcp21 port open for incoming ftp requests.

This router is connected to headquarters using a vpn aes256 connection and then at headquarters is the ftp server.

How do i have to configure my router to redirect requests made to my router to the ftp server using the vpn connection?

Best regards

5 REPLIES
Cisco Employee

Re: how to redirect a ftp request..

Is the ftp server a public ip or private ip address ?

Requests coming from internet must be estined for public ip, so I assume the ftp server has a public ip and is located on the far end of the tunnel.

Try using policy based routing.

You need to configure the crypto acl on the tunnel as :

access-list 101 permit ip any host

Create an ACl for PBR :

access-list 102 permit tcp any eq 20

access-list 102 permit tcp any eq 21

Create a loopback intf:

int loopback 1

ip address 1.1.1.1 255.255.255.0

exit

Create a route-map for PBR :

route-map pol permit 10

match ip address 102

set ip next-hop 1.1.1.2

exit

Apply the route-map to the Outside Interface of the router:

int fasteth0/0

ip policy route-map pol

exit

ip route

So, this way, any request for the ftp server ip address, will be frst checked against the policy , and will be routed to loopback, and then back to outside interfae, without natting.

It will be then encrypted and will be sent aross the tunnel.

*Please rate if this helped.

-Kanishka

New Member

Re: how to redirect a ftp request..

Hi,

Now we are working only with one public ip, ftp.mycompany.com, but I?ve to implement a second ip address ftp2.mycompany.com to an another router.

These routers are connected by vpn line, first is 192.168.156.254 and the second one(ftp2)has 192.168.154.254.

The second router has no nats configured..only it?d have 21 for ftp2.

what would be the best configuration??

Cisco Employee

Re: how to redirect a ftp request..

Adding to Kanishka's suggestion, the crypto ACL for the tunnel should include the following rule :

access-list permit tcp any eq 21

and its reflection on the other end.

HTH,

Please rate if it helps,

Regards,

Kamal

New Member

Re: how to redirect a ftp request..

Hi,

I've attached my routers configuration.There is a new nat entry because there was not any thing abut this.

Then what more have I to include?

best regards

New Member

Re: how to redirect a ftp request..

Hi,

Any answer here about my problem??

Best regards

323
Views
0
Helpful
5
Replies