match active-ftp , match passive-ftp asa commands

plao
Cisco Employee

From Command reference:

http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/m.html#wp2115726

match active-ftp and match passive-ftp commands

These commands can be configured in an FTP class map or policy map.

Are these commands still valid? I can't locate these commands in my ASA running 8.4.1

ASA5505(config)# class-map type inspect ftp ftpcm
ASA5505(config-cmap)# match ?

mpf-class-map mode commands/options:
  filename         Match a filename for FTP transfer
  filetype         Match a filetype for FTP transfer
  not              Negate this match result
  request-command  Match a FTP request command
  server           Match a FTP server
  username         Match a FTP user

Thanks

Pat

Accepted Solutions

varrao
Level 10

Hi Plao,

The command is still there, but you are looking in the wrong place; this is a policy-map command:

hostname(config)# policy-map type inspect ftp inspect-strict-ftp
hostname(config-pmap)# parameters
hostname(config-pmap-p)# match active-ftp
hostname(config-pmap-p)# reset
hostname(config-pmap-p)# match passive-ftp
hostname(config-pmap-p)# reset log
hostname(config-pmap-p)# exit

You are looking under the class-map.

Hope this helps

Thanks,

Varun

Thanks,
Varun Rao


5 Replies

plao
Cisco Employee

Thank you very much

No Problem

Please mark this thread as answered and do rate helpful posts.

-Varun

Thanks,
Varun Rao

plao
Cisco Employee

Hmm, under my FTP inspect policy-map, parameters setting, I don’t see those match commands?

ASA5540(config)# policy-map type inspect ftp strict
ASA5540(config-pmap)# parameters
ASA5540(config-pmap-p)# ?

MPF policy-map parameter configuration commands:
  exit             Exit from MPF policy-map parameter configuration submode
  help             Help for MPF policy-map parameter submode commands
  mask-banner      Mask greeting banner from FTP server
  mask-syst-reply  Mask reply to syst command
  no               Negate or set default values of a command
  quit             Exit from MPF policy-map parameter configuration submode


ASA5540(config-pmap-p)# match active-ftp
                                                        ^
ERROR: % Invalid input detected at '^' marker.
ASA5540(config-pmap-p)#

ASA5540(config-pmap-p)# sh ver

Cisco Adaptive Security Appliance Software Version 8.4(1)
Device Manager Version 6.4(1)

Hi Plao,

I am on my way to the office; I will verify it on my firewall and let you know.

-Varun

Thanks,
Varun Rao