Cisco Support Community

Allowing active FTP on a router

Hi, I am wanting to allow active FTP traffic to pass through my router, however, I am not too sure how to do this. An access list wouldn't quite work seeing as though the port on the client side is random.

My other thought was to use ip inspect's FTP command but was not too sure if it would keep track of the appropriate port numbers?

Any information would be much appreciated.

Thank you.

1 REPLY

Re: Allowing active FTP on a router

Hi Voiper,

Try the following access list; it worked out for me.

interface serial 0/0/0

ip access-group 101 out

access-list 101 permit tcp host host eq 20

access-list 101 permit tcp host host eq 21

access-list 101 deny ip host any

access-list 101 permit ip any any

Let me know your feedback on this, and if the above ACL fails, try the one below, because you have mentioned that the client side uses random ports.

access-list 101 permit tcp host host eq 21

access-list 101 permit tcp host host range 1025 65535

access-list 101 deny ip host any

access-list 101 permit ip any any
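On the question of whether FTP inspection can keep track of the random client port: in active mode the client announces that port in a PORT command on the control channel, so a stateful inspector can read it and open only that one port. The sketch below is an added example, not part of either post and not Cisco's implementation; the class and function names are hypothetical, the addresses are constructed documentation addresses, and the checks on the announced address and on ports below 1024 are this sketch's own policy choices.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959): the client tells the server where to connect back.
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$", re.I)

# Constructed sample: the client announces port 195*256 + 80 = 50000.
SAMPLE = "PORT 192,0,2,10,195,80\r\n"

def parse_port_command(line):
    """Return (ip, port) announced by an FTP PORT command, or None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

class FtpPinholeTable:
    """Toy model of stateful FTP inspection for one client/server pair."""

    def __init__(self, client_ip, server_ip):
        self.client = ipaddress.IPv4Address(client_ip)
        self.server = ipaddress.IPv4Address(server_ip)
        self.pinholes = set()  # client ports currently expecting a data connection

    def on_control_line(self, line):
        """Feed one client-to-server control line; open a pinhole on a valid PORT."""
        parsed = parse_port_command(line)
        if parsed is None:
            return False
        ip, port = parsed
        # Refuse a PORT that names a third host or a port below 1024.
        if ip != self.client or port < 1024:
            return False
        self.pinholes.add(port)
        return True

    def allow_data_syn(self, src_ip, src_port, dst_ip, dst_port):
        """Permit the server's data connection only if it matches a pinhole (single use)."""
        ok = (ipaddress.IPv4Address(src_ip) == self.server and src_port == 20
              and ipaddress.IPv4Address(dst_ip) == self.client and dst_port in self.pinholes)
        if ok:
            self.pinholes.discard(dst_port)
        return ok
```

Feeding `SAMPLE` to `on_control_line` and then calling `allow_data_syn` with the server's port 20 as source admits a connection to client port 50000 once and refuses every other client port.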
