https://community.cisco.com/t5/application-networking/ldir-416-version-3-2-3-quot-assign-quot-problem/m-p/156401#M1909 <HTML><HEAD></HEAD><BODY><P>Hi Michele,</P><P>The best way out in this case would be to use a Router that supports Access Lists or a firewall that will permit or deny certain users and also for the specific ports. The configuration seems fine to me, however I have not been able to detect the cause for the FTP connection not working. You could also check if there is a bug related to this.</P><P></P></BODY></HTML> Thu, 17 Apr 2003 14:39:22 GMT owillins 2003-04-17T14:39:22Z https://community.cisco.com/t5/application-networking/ldir-416-version-3-2-3-quot-assign-quot-problem/m-p/156400#M1908 <P>After a long time of having all the virtual servers' ports open to any IP, I decided to restrict access to some of them to the IPs that needed them.</P><P></P><P>So I restricted access to the Terminal Server port (3389) only to the company's IP, but left the HTTP (80) and FTP (21) ports open to any IP.</P><P></P><P>However, after applying the change, the FTP port now appears to be blocked to any connection. The only way to unblock it is by restricting access to it to the company's IP, but in that case the other IPs won't be able to connect to it anyway. The HTTP port keeps working as usual.</P><P></P><P>Why did this happen, and how can I fix it?</P><P></P><P>Here is an example of what I had before the changes:</P><P></P><P>virtual &lt;virtual_server_ip&gt;:3389:0:tcp is</P><P>virtual &lt;virtual_server_ip&gt;:21:0:tcp is</P><P>virtual &lt;virtual_server_ip&gt;:80:0:tcp is</P><P>real &lt;real_server_ip&gt;:3389:0:tcp is</P><P>real &lt;real_server_ip&gt;:21:0:tcp is</P><P>real &lt;real_server_ip&gt;:80:0:tcp is</P><P>bind &lt;virtual_server_ip&gt;:3389:0:tcp &lt;real_server_ip&gt;:3389:0:tcp</P><P>bind &lt;virtual_server_ip&gt;:21:0:tcp &lt;real_server_ip&gt;:21:0:tcp</P><P>bind &lt;virtual_server_ip&gt;:80:0:tcp &lt;real_server_ip&gt;:80:0:tcp</P><P></P><P>And here is what I have after the changes:</P><P></P><P>virtual &lt;virtual_server_ip&gt;:3389:1:tcp is</P><P>virtual &lt;virtual_server_ip&gt;:21:0:tcp is</P><P>virtual &lt;virtual_server_ip&gt;:80:0:tcp is</P><P>real &lt;real_server_ip&gt;:3389:1:tcp is</P><P>real &lt;real_server_ip&gt;:21:0:tcp is</P><P>real &lt;real_server_ip&gt;:80:0:tcp is</P><P>bind &lt;virtual_server_ip&gt;:3389:1:tcp &lt;real_server_ip&gt;:3389:1:tcp</P><P>bind &lt;virtual_server_ip&gt;:21:0:tcp &lt;real_server_ip&gt;:21:0:tcp</P><P>bind &lt;virtual_server_ip&gt;:80:0:tcp &lt;real_server_ip&gt;:80:0:tcp</P><P>assign &lt;virtual_server_ip&gt;:3389:1:tcp &lt;company_ip&gt; 255.255.255.255</P><P></P><P>As expected, Terminal Server is now accessible only from the company's IP address, while the HTTP port is accessible from any IP. So should be the FTP port, but instead it doesn't work at all (connection failed).</P><P></P><P>Any help would be greatly appreciated.</P><P></P><P>Michele Lostia</P> Fri, 11 Apr 2003 11:36:17 GMT https://community.cisco.com/t5/application-networking/ldir-416-version-3-2-3-quot-assign-quot-problem/m-p/156400#M1908 webegg 2003-04-11T11:36:17Z https://community.cisco.com/t5/application-networking/ldir-416-version-3-2-3-quot-assign-quot-problem/m-p/156401#M1909 <HTML><HEAD></HEAD><BODY><P>Hi Michele,</P><P>The best way out in this case would be to use a Router that supports Access Lists or a firewall that will permit or deny certain users and also for the specific ports. The configuration seems fine to me, however I have not been able to detect the cause for the FTP connection not working. You could also check if there is a bug related to this.</P><P></P></BODY></HTML> Thu, 17 Apr 2003 14:39:22 GMT https://community.cisco.com/t5/application-networking/ldir-416-version-3-2-3-quot-assign-quot-problem/m-p/156401#M1909 owillins 2003-04-17T14:39:22Z