Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ftp forwarding on pix515e

Hi,

Could someone help me with configuring FTP port forwarding with pix515e?.

Have tried this setup:

static (inside,outside) tcp 203.175.x.x 20 10.130.x.x 20

static (inside,outside) tcp 203.175.x.x. 21 10.130.x.x. 21

Then added it to the allow list of access-list.

Here is the complete setup.

Public->Router----->PIX------>Router-->FTPServer

202.176.x.x->203.175.x.x->y.y.y.y->10.130.x.x

>I just need to port forward ftp traffic to 10.130.x.x from the web.

>is it possible if i will be pointing an ftp traffic to 203.175.x.x ip from the web then the pix will forward it to 10.130.x.x ftp server?

I already made a post, but unfortunately i have given the incomplete setup and the guys that had replied are not yet available as of this time.

Thanks

Cliff

3 REPLIES
New Member

Re: ftp forwarding on pix515e

Configure your statics without the port numbers.

static (inside,outside) 203.175.x.x 10.130.x.x

On the access-list permit ftp and ftp-data to the outside address.

access-list acl-in permit tcp any host 203.175.x.x eq ftp

access-list acl-in permit tcp any host 203.175.x.x eq ftp-data

Enable ftp fixup (PIX 6.x) or inspect ftp (PIX 7.x)

You need the static to not limit ports. This is to encompass both the initial control and data ports as well as high ports that will be used during the actual transfer. The fixup or inspect rule will allow stateful inspection and opening/closing of dynamic ports as required.

New Member

Re: ftp forwarding on pix515e

Hi,

Is it ok if I will be using and ip address within 203.175.x.x block that's not being used?.

Thanks

Cliff

New Member

Re: ftp forwarding on pix515e

Yes. Use an address within the subnet of the outside interface other than that of the PIX itself.

111
Views
5
Helpful
3
Replies