Cisco Support Community

New Member

Outbound FTP not working

This is driving me crazy. The rest of the ACL works fine, but FTP does not.

Here is my ACL:

access-list inside_access_out permit tcp PrivateHosts 255.255.254.0 any eq www

access-list inside_access_out permit tcp PrivateHosts 255.255.254.0 any eq https

access-list inside_access_out permit icmp any any echo

access-list inside_access_out permit icmp any any echo-reply

access-list inside_access_out permit icmp any any unreachable

access-list inside_access_out permit icmp any any time-exceeded

access-list inside_access_out permit tcp PrivateHosts 255.255.254.0 eq ftp-data any

access-list inside_access_out permit tcp PrivateHosts 255.255.254.0 eq ftp any

Here is the syslog result:

(this IP is in the "PrivateHosts" range)

Deny tcp src inside:10.10.0.89/1404 dst outside:137.192.98.59/21 by access-group "inside_access_out"

Any help would be appreciated!

Thanks,

-Tim

2 REPLIES
Silver

Re: Outbound FTP not working

access-list inside_access_out permit tcp PrivateHosts 255.255.254.0 eq ftp-data any

access-list inside_access_out permit tcp PrivateHosts 255.255.254.0 eq ftp any

1. Is 10.10.0.89 in the private hosts object?

2. Your rule allows private hosts to make tcp connections from private hosts from ports 20 and 21 to anything.

You probably want:

access-list inside_access_out permit tcp PrivateHosts 255.255.254.0 any eq ftp-data

access-list inside_access_out permit tcp PrivateHosts 255.255.254.0 any eq ftp
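Added example (not part of the original posts): a small Python model of how the position of `eq ftp` decides whether it constrains the source or the destination port, checked against the deny message from the question. The address 10.10.0.0 for `PrivateHosts` is an assumption, and the parser handles only the `permit tcp ... eq` form used in this thread.

```python
import ipaddress
import re

# Assumption: the thread never gives the address behind the name "PrivateHosts";
# 10.10.0.0 is used because 10.10.0.89 must fall inside it with mask 255.255.254.0.
NAMES = {"PrivateHosts": "10.10.0.0"}
PORTS = {"ftp-data": 20, "ftp": 21, "www": 80, "https": 443}
# The ftp entry as first posted and as corrected in the reply, plus the deny message.
ORIGINAL = "access-list inside_access_out permit tcp PrivateHosts 255.255.254.0 eq ftp any"
CORRECTED = "access-list inside_access_out permit tcp PrivateHosts 255.255.254.0 any eq ftp"
SYSLOG = ('Deny tcp src inside:10.10.0.89/1404 dst outside:137.192.98.59/21 '
          'by access-group "inside_access_out"')

def _take_addr(tokens):
    """Consume 'any' or '<name-or-ip> <mask>' and return the network."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(f"{NAMES.get(word, word)}/{tokens.pop(0)}", strict=False)

def _take_port(tokens):
    """Consume an optional 'eq <port>'; None means any port."""
    if tokens[:1] != ["eq"]:
        return None
    _, port = tokens.pop(0), tokens.pop(0)
    return PORTS[port] if port in PORTS else int(port)

def parse_tcp_ace(line):
    """Return (src_net, src_port, dst_net, dst_port) for a 'permit tcp' entry."""
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[2:4] != ["permit", "tcp"]:
        raise ValueError("only 'access-list <id> permit tcp ...' is handled")
    rest = tokens[4:]
    # Order matters: an 'eq' binds to the address that comes just before it.
    return _take_addr(rest), _take_port(rest), _take_addr(rest), _take_port(rest)

def parse_deny(log):
    """Extract (src_ip, src_port, dst_ip, dst_port) from the deny message."""
    m = re.search(r"src \w+:([\d.]+)/(\d+) dst \w+:([\d.]+)/(\d+)", log)
    return m.group(1), int(m.group(2)), m.group(3), int(m.group(4))

def permits(ace_line, flow):
    src, ace_sport, dst, ace_dport = parse_tcp_ace(ace_line)
    sip, sport, dip, dport = flow
    return (ipaddress.ip_address(sip) in src and ace_sport in (None, sport)
            and ipaddress.ip_address(dip) in dst and ace_dport in (None, dport))

if __name__ == "__main__":
    print([permits(ace, parse_deny(SYSLOG)) for ace in (ORIGINAL, CORRECTED)])  # [False, True]
```

The original entry only matches when the client's source port is 21, which an ephemeral port such as 1404 never is, so the packet falls through to the deny.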

New Member

Re: Outbound FTP not working

You are correct. I had it backwards. Thanks for pointing that out!

-Tim
