Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
934
Views
2
Helpful
7
Replies

CSS and non standard ftp port

Go to solution
clayton-price
Level 1
Level 1

‎09-08-2004 01:21 PM

We have an ftp server running on port 10021. Is there a way to have the CSS translate the IP in the payload when not using port 21? On an IOS router one can use the ip nat service command. I have not seen anything like this on the CSS.

We currently have a VIP and a sourcegroup with matching IP's configured for the ftp server.

Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee

‎09-09-2004 04:15 AM

Clayton,

try to use the command 'application ftp' in the content rule definition.

Regards,

Gilles.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
kevin.graham
Level 1
Level 1

‎09-08-2004 10:01 PM

You'll need to move the FTP server to a standard port for now. See CSCeb22950.

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee
In response to kevin.graham

‎09-09-2004 04:14 AM

Kevin, this bug applies to CSM - not CSS.

Gilles.

0 Helpful

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee

‎09-09-2004 04:15 AM

Clayton,

try to use the command 'application ftp' in the content rule definition.

Regards,

Gilles.

0 Helpful

Go to solution
clayton-price
Level 1
Level 1
In response to Gilles Dufour

‎09-09-2004 07:05 AM

That seemed to resolve the fact that the address in the ftp payload was not being translated. However....Our ftp server is configured to tell clients to connect on ports 8550-8650. It seems that the content switch is passing a port outside this range back to the client. The CSS then maps the port it sent to the client to a port in the range of 8550-8650. Is there a way to have the CSS pass the port specified by the server?

Thanks!

Clayton

0 Helpful

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee
In response to clayton-price

‎09-09-2004 11:38 PM

Clayton,

this is normal behavior.

CSS changes TCP ports.

There is no way to prevent this.

Gilles.

0 Helpful

Go to solution
jnorman
Level 1
Level 1

‎09-09-2004 07:51 AM

Configure your VIP for port 21 traffic and the service for port 10021.

service HP17_5001

ip address 10.254.236.7

protocol tcp

port 10051

active

content DDN1

vip address 192.67.251.15

port 21

protocol tcp

add service HP17_5001

application ftp-control

active

Hope ths helps.

0 Helpful

Go to solution
clayton-price
Level 1
Level 1
In response to jnorman

‎09-09-2004 11:02 AM

I appreciate all the responses! In this case the CSS is also translating the high order port the server informs clients to connect to.

I'm likely going to configure a port 21 VIP in addition to the port 10021 VIP in order to get around some other firewall issues.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card