01-26-2006 12:00 PM - edited 03-09-2019 01:45 PM
I put our new ASA5510 in production and it broke a third party application that we use! It's a program that uses FTP, but it doesn't use the default FTP port 21; it uses some other port number, 6123, I think! It would not allow us to RECEIVE files from an external FTP server. In order to fix the application I had to remove the INSPECT FTP statement from the ASA5510 configuration! This fixed the problem with the third party application but now we can't receive files from the outside using a standard GUI FTP program that used to work! How can I get both apps to work properly? Thank you!
01-26-2006 03:05 PM
To change the default configuration for FTP inspection, perform the following steps:
Step 1 Name the traffic class by entering the following command in global configuration mode:
hostname(config)# class-map class_map_name
Replace class_map_name with the name of the traffic class, as in the following example:
hostname(config)# class-map ftp_port
When you enter the class-map command, the CLI enters the class map configuration mode, and the prompt changes, as in the following example:
hostname(config-cmap)#
Step 2 In the class map configuration mode, define the match command, as in the following example:
hostname(config-cmap)# match port tcp eq 23
hostname(config-cmap)# exit
hostname(config)#
To assign a range of continuous ports, enter the range keyword, as in the following example:
hostname(config-cmap)# match port tcp range 1023-1025
To assign more than one non-contiguous port for FTP inspection, enter the access-list command and define an access control entry to match each port. Then enter the match command to associate the access lists with the FTP traffic class.
Use the newly created class-map with the service-policy command for the interface, or add it to the global service-policy.
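The steps in the reply above, put together for the case in the question, as an added example that is not part of the original posts. It assumes the application's control port really is 6123 (the poster was unsure), that the ASA's default global_policy and inspection_default class are still in place, and the class-map name ftp_6123 is hypothetical.

```cisco
! Added example, not from the thread. Port 6123 is taken from the question
! and should be confirmed against the application before use.
!
! Traffic class for the application's non-default FTP control port
class-map ftp_6123
 match port tcp eq 6123
!
policy-map global_policy
 ! Restore inspection on the default FTP port (21) for the standard client
 class inspection_default
  inspect ftp
 ! Apply the same FTP inspection to the non-default control port
 class ftp_6123
  inspect ftp
!
! Present by default; re-enter only if the global policy was removed
service-policy global_policy global
!
! Check that both classes are matching traffic
show service-policy
```

With inspection active on both control ports, the ASA opens the negotiated FTP data connections dynamically, so neither application needs a wide static port range permitted from the outside.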