https://community.cisco.com/t5/network-security/allow-ftp-site/m-p/1547507#M605406 <HTML><HEAD></HEAD><BODY><P>hi,</P><P></P><P><A href="http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/objectgroups.html">http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/objectgroups.html</A></P></BODY></HTML> Thu, 02 Dec 2010 21:02:31 GMT cadet alain 2010-12-02T21:02:31Z https://community.cisco.com/t5/network-security/allow-ftp-site/m-p/1547501#M605400 <P>Noob here. I want to allow an ftp site for our users. I know how to do it via ASDM but have been wanting to use CLI.Looked online but haven't been able to find what i'm looking for.</P> Mon, 11 Mar 2019 19:16:57 GMT https://community.cisco.com/t5/network-security/allow-ftp-site/m-p/1547501#M605400 1salvarez 2019-03-11T19:16:57Z https://community.cisco.com/t5/network-security/allow-ftp-site/m-p/1547502#M605401 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>To allow FTP traffic you need a static NAT rule to allow access to the FTP server and an ACL allowing the ports.</P><P></P><P>i.e.</P><P>Let's say your internal FTP is 10.1.1.1 and the public IP will be 200.1.1.1</P><P></P><P>So, you requiere a static translation rule (ASDM or CLI) and an ACL permitting FTP from any source to the public IP.</P><P></P><P>If you want to do it via CLI you can post the following:</P><P></P><P>sh run static</P><P>sh run access-group</P><P>sh run access-list NAME&nbsp;&nbsp; --&gt; change NAME for the name of the ACL applied to the outside interface</P><P></P><P>Federico.</P></BODY></HTML> Tue, 30 Nov 2010 20:21:01 GMT https://community.cisco.com/t5/network-security/allow-ftp-site/m-p/1547502#M605401 Federico Coto Fajardo 2010-11-30T20:21:01Z https://community.cisco.com/t5/network-security/allow-ftp-site/m-p/1547503#M605402 <HTML><HEAD></HEAD><BODY><P>Thanx</P></BODY></HTML> Thu, 02 Dec 2010 19:50:01 GMT https://community.cisco.com/t5/network-security/allow-ftp-site/m-p/1547503#M605402 1salvarez 2010-12-02T19:50:01Z https://community.cisco.com/t5/network-security/allow-ftp-site/m-p/1547504#M605403 <HTML><HEAD></HEAD><BODY><P>What is the IP of the FTP server behind the ASA?</P><P></P><P>Adding to the list you will need:</P><P></P><P>static (in,out) tcp PUBLIC_IP 21 PRIVATE_IP 21</P><P>access-list outside_access_in permit tcp any host PUBLIC_IP eq 21</P><P></P><P>Federico.</P></BODY></HTML> Thu, 02 Dec 2010 19:56:21 GMT https://community.cisco.com/t5/network-security/allow-ftp-site/m-p/1547504#M605403 Federico Coto Fajardo 2010-12-02T19:56:21Z https://community.cisco.com/t5/network-security/allow-ftp-site/m-p/1547505#M605404 <HTML><HEAD></HEAD><BODY><P>We dont have FTP server. This is for ftp sites that we need to access</P><P>. For example thru ASDM to allow acces to an FTP site I would go to Configuration&gt;Firewall&gt;Objects&gt;Network Objects/Groups&gt; and I'll add the IP and name.</P><P></P><P><IMG src="https://community.cisco.com/" /></P><P>See attached.</P></BODY></HTML> Thu, 02 Dec 2010 20:29:32 GMT https://community.cisco.com/t5/network-security/allow-ftp-site/m-p/1547505#M605404 1salvarez 2010-12-02T20:29:32Z https://community.cisco.com/t5/network-security/allow-ftp-site/m-p/1547506#M605405 <HTML><HEAD></HEAD><BODY><P>If it's to allow outbound FTP access to an external server, you should add the IP of the server to the object-group.</P><P></P><P>If from an internal computer you try to connect to this new FTP server what happen?</P><P>Can you reach it via telnet x.x.x.x 2?</P><P></P><P>Federico.</P></BODY></HTML> Thu, 02 Dec 2010 20:58:54 GMT https://community.cisco.com/t5/network-security/allow-ftp-site/m-p/1547506#M605405 Federico Coto Fajardo 2010-12-02T20:58:54Z https://community.cisco.com/t5/network-security/allow-ftp-site/m-p/1547507#M605406 <HTML><HEAD></HEAD><BODY><P>hi,</P><P></P><P><A href="http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/objectgroups.html">http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/objectgroups.html</A></P></BODY></HTML> Thu, 02 Dec 2010 21:02:31 GMT https://community.cisco.com/t5/network-security/allow-ftp-site/m-p/1547507#M605406 cadet alain 2010-12-02T21:02:31Z https://community.cisco.com/t5/network-security/allow-ftp-site/m-p/1547508#M605407 <HTML><HEAD></HEAD><BODY><P>Thanx for your help guys. That doc looks like what</P><P> I am looking for.</P></BODY></HTML> Fri, 03 Dec 2010 17:43:44 GMT https://community.cisco.com/t5/network-security/allow-ftp-site/m-p/1547508#M605407 1salvarez 2010-12-03T17:43:44Z