Cisco Support Community
New Member

How to allow ftp connections from external users through Cisco 2951?

Hi guys,

I would like to solicit your help so as to configure my router. I have a Cisco 2951 and I've been trying in vain to configure it so as to allow ftp connections through the router from external users.

Here is what I've done so far:

1. I created a firewall on the router

2. I configured NAT so as to allow external users to connect to my ftp server via my public address

3. I then modified the firewall policy and added new rules so as to allow configured Object groups to connect to the ftp server in the LAN. The Action here is Inspect and the service is ftp.

I then tried to connect to the ftp from the outside but it didn't work. I played with the parameters and tried different things. Didn't work either. I think the above configs should be enough to allow incoming connection from the outside but why is it not working? I'm confused.

Can somebody please help?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Super Bronze

How to allow ftp connections from external users through Cisco 2

Hi,

Can you post the output of "sh run" from the 2951?

5 REPLIES
How to allow ftp connections from external users through Cisco 2

Hello Chundunsing,

Yes, please follow Reza's request; that would help us troubleshoot this firewall issue. Seems like you are running CBAC.

Just to let you know, you have applied an Inspect FTP to the inside users, so if they initiate the connection, the additional channels (ports) needed by FTP to transfer data will be opened dynamically, with no need for an ACL on the outside allowing that connection.

But if what you want to do is to allow communication from the users on the outside (starting the connection) you will need to allow with an ACL on the outside (inbound direction) the packets going to the FTP server because that session is not being inspected.

Please rate helpful posts.

Have a good night.

Julio!!

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

How to allow ftp connections from external users through Cisco 2

Hi Julio,

Indeed you are right. I need to configure a rule to allow outside users to connect to the internal ftp server. Well, I have done that already. Don't know if there is something missing though. I am using zone-based firewall on the router. Please see the following screenshot.

What do you think is missing?

Thanks.

How to allow ftp connections from external users through Cisco 2

Hello,

So it is a ZBFW implementation.

Can you post your router configuration? I would like to see the NAT statement.

The Policy-inspection seems to be the one required for this setup.

Regards,

Julio
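
The direction issue discussed in this thread, shown as an added example (not taken from any poster's router): a zone-based firewall policy that inspects FTP sessions started from the outside toward an inside server behind static NAT. Interface names, zone, class and policy names, the object group and all addresses are assumptions chosen for illustration.

```cisco
! Constructed example; every name and address below is a placeholder.
! Assumptions: Gi0/0 = WAN (outside), Gi0/1 = LAN (inside),
! FTP server inside local address 192.168.1.10.
!
! Limit who may reach the server instead of permitting "any".
object-group network FTP-CLIENTS
 host 198.51.100.25
!
! The destination is the server's private address: for outside-initiated
! traffic the static NAT is reversed before the zone policy is evaluated.
ip access-list extended OUTSIDE-TO-FTP
 permit tcp object-group FTP-CLIENTS host 192.168.1.10 eq ftp
!
class-map type inspect match-all CM-OUTSIDE-FTP
 match access-group name OUTSIDE-TO-FTP
 match protocol ftp
!
! "inspect" (not "pass") lets the firewall follow the control channel
! and open the negotiated data channel dynamically.
policy-map type inspect PM-OUTSIDE-TO-INSIDE
 class type inspect CM-OUTSIDE-FTP
  inspect
 class class-default
  drop log
!
zone security INSIDE
zone security OUTSIDE
!
! The policy must sit on the OUTSIDE -> INSIDE pair; an inspect rule on
! INSIDE -> OUTSIDE only covers sessions that inside hosts initiate.
zone-pair security ZP-OUT-IN source OUTSIDE destination INSIDE
 service-policy type inspect PM-OUTSIDE-TO-INSIDE
!
interface GigabitEthernet0/0
 ip nat outside
 zone-member security OUTSIDE
!
interface GigabitEthernet0/1
 ip nat inside
 zone-member security INSIDE
!
! Publish only the FTP control port; inspection handles the data channel.
ip nat inside source static tcp 192.168.1.10 21 interface GigabitEthernet0/0 21
```

After a test connection from an address in the object group, `show policy-map type inspect zone-pair ZP-OUT-IN sessions` and `show ip nat translations` show whether the session matched the class and was translated.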
