01-20-2003 08:34 PM - edited 03-09-2019 01:45 AM
Question:
My router is doing both static NAT and dynamic from a pool of public addresses. When I execute a sh ip nat trans command, the output shows most of my Inside local and global addresses, both static and dynamic, with a following tcp port of 21. Why is that? Will I need to consider this when building my access-lists?
Thanks!
01-24-2003 11:53 AM
TCP 21 is FTP control, probably more users on your network are initiating file transfers. If you want users not to do any file transfers, you can block them using an access list.
01-24-2003 12:40 PM
Thanks for the reply.
I realize that 21 is the standard representation for FTP control, but every single nat translation on the inside has the :21 referenced after it and there is simply no possible way that every user on the network has initiated a file transfer? Any other thoughts or possibilities?