Cisco Support Community
New Member

Use of an alternate ftp data port

PIX 515E

Code: 7.01

I currently have ftp open to several users for web site updates. I need another ftp site open to a different directory on my web server and am using port 1056 for control. How do I specify the alternate data port?


New Member

Re: Use of an alternate ftp data port

Hmmm, that's a very good question.

As you are probably well aware, with 'inspect ftp' the PIX looks at the dynamically assigned data ports, with packet inspection over the control port (21), and opens up these data ports on the PIX for the file/data transfer.

Have you tried:

class-map ftp_port_1056
 match port tcp eq 1056
policy-map new_ftp_port_1056
 class ftp_port_1056
  inspect ftp

You then bind the policy-map to a new or existing service-policy.

The effect this has is to perform ftp packet inspection on tcp port 1056 (your new control port) the same as it does for port 21 (the default control port for ftp). The PIX should then open up the dynamically assigned tcp ports for the data transfer, as they are specified in the control packets that traverse the PIX.

Hope this helps.
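The mechanism described in the reply above, as an added example that is not part of the original posts and is not Cisco's code: a small Python model of how an inspection engine reads the control channel (here on port 1056) and derives the data connection to permit. The function names, the sample session and the rule that an announced address must match the sender (so no NAT rewriting is modelled) are assumptions of this example.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried in PORT commands and 227 replies (RFC 959)
_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_endpoint(line, sender_ip):
    """Return the (ip, port) announced by one control-channel line, or None."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        m = _TUPLE.fullmatch(text[5:].strip())
    elif text.startswith("227 "):
        m = _TUPLE.search(text)
    else:
        return None
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]          # data port = p1 * 256 + p2
    # Assumption of this example: an announcement naming a host other than
    # the sender is dropped instead of being turned into an opening.
    if ip != sender_ip or port == 0:
        return None
    return ip, port

def pinholes(session, client_ip, server_ip):
    """Walk a control session; list (src, dst, dst_port) data flows to permit."""
    opened = []
    for direction, line in session:
        sender = client_ip if direction == "C" else server_ip
        ep = data_endpoint(line, sender)
        if ep:
            # Active mode: server connects to client. Passive: client to server.
            src = server_ip if direction == "C" else client_ip
            opened.append((src, ep[0], ep[1]))
    return opened

# Constructed control-channel exchange (documentation address ranges).
SESSION = [
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,0,2,10,19,137)"),
    ("C", "PORT 198,51,100,7,195,80"),
    ("C", "PORT 203,0,113,9,195,81"),   # names a third host: ignored
]

if __name__ == "__main__":
    for src, dst, port in pinholes(SESSION, "198.51.100.7", "192.0.2.10"):
        print(f"permit tcp {src} -> {dst}:{port}")
```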

