topic Re: ASA support of ftp AUTH command in Network Security

ASA support of ftp AUTH command

ampowell — Mon, 11 Mar 2019 15:18:22 GMT

What support does the ASA provide for the ftp auth command? Is it possible to write an access list to permit some users to bypass ftps encryption while others are forced to use encryption? I would like my server to enforce ftp with ssl/tls. However, there are two old legacy scanners that would not be able to use certificates. Can the firewall be of any use in determining who must use ftps? I don't see anything in the ASA documentation to think there would be any assistance, but I thought I would ask anyway.

Re: ASA support of ftp AUTH command

sadbulali — Mon, 20 Apr 2009 23:49:54 GMT

You can configure FTP authentication proxy in ASA. To enable FTP or Telnet authentication proxy, you must enable AAA services, configure the FTP or Telnet server, and enable authentication proxy. You can configure ACL under AAA configuration.

http://www.cisco.com/en/US/docs/ios/12_3/feature/guide/ftp_tel.html#wp1027188

Re: ASA support of ftp AUTH command

ampowell — Tue, 21 Apr 2009 13:11:21 GMT

I am looking for recognition of the ftp "auth ssl" or "auth tls" commands. I would like examples of using ftp strict inspection in combination with access lists to define who must use auth ssl and others who would be exempt. I would also appreciate comments discussing whether this approach would really work to restrict who must use ftp over ssl.