We have a PIX 515 with FOS v6.3. Below is an access list on the PIX. I would like to do a port range of 20 - 21 but when I try to use a range I keep getting an error. Can a port range be used with this type of access list?
access-list outside-in permit tcp any object-group DMZ_ftp eq 20-21
You could create an 'object-group' for the two tcp ports that you need. Add port-range 20 to 21 to this object-group and use the object-group in the access-list.
object-group service 'my-group' tcp
port-object range 20 21
If the rule is for allowing ftp traffic through the pix, you only need to allow the control port (tcp/21 or use the 'ftp' keyword) and the pix will automatically/dynamically allow port tcp/20 for the data channel. Make sure that the 'fixup protocol ftp' is defined in the config of the pix to make this work.
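Both suggestions from the reply above, written out as PIX 6.3 configuration. This is an added example, not part of the original posts: it reuses the `outside-in` access list and the `DMZ_ftp` network group from the question, takes the name `my-group` from the reply (without the quotes), and the `!` lines are annotations rather than commands to paste.

```cisco
! Option A: the port range from the question, expressed as a service object-group
object-group service my-group tcp
 port-object range 20 21
access-list outside-in permit tcp any object-group DMZ_ftp object-group my-group

! Option B (narrower): permit only the FTP control channel and let the
! FTP fixup open the data channel dynamically for each session
fixup protocol ftp 21
access-list outside-in permit tcp any object-group DMZ_ftp eq ftp
```

Option B exposes one inbound port instead of two; `show access-list outside-in` and `show fixup` confirm what is actually in effect.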
This access list is being used for outside ftp access to servers on the DMZ. I created a network group object of servers which should have ftp access to them. By creating the network group I can use the group to specify ftp access to them with the one access list statement.