Cisco Support Community
New Member

local ip ftp access

I want to set up a local client to have the only IP address with ftp access.

Do I have to create a static ip for the local ip address with a conduit to the foreign host ip?

Does fixup protocol 21 have to be enabled? My goal is to have only one local ip have access to ftp.

Thanks in advance.

2 REPLIES
Cisco Employee

Re: local ip ftp access

Just create an access-list on your inside interface that only allows that one internal PC to FTP outbound. The PIX will use the standard nat/global (or whatever you have) as normal for this host, nothing needs to change there. Leave the fixup enabled also.

Do something like the following:

access-list outbound permit tcp host <internal-PC-IP> any eq ftp

access-list outbound permit tcp host <internal-PC-IP> any eq ftp-data

access-list outbound deny tcp any any eq ftp

access-list outbound deny tcp any any eq ftp-data

access-list outbound permit ip any any

access-group outbound in interface inside

New Member

Re: local ip ftp access

That did the trick.

I just created the outbound deny and then followed up with the outbound permits.

You've been a big help.

Thanks again.
