11-30-2010 12:00 PM - edited 03-11-2019 12:16 PM
Noob here. I want to allow an ftp site for our users. I know how to do it via ASDM but have been wanting to use CLI.Looked online but haven't been able to find what i'm looking for.
Solved! Go to Solution.
11-30-2010 12:21 PM
Hi,
To allow FTP traffic you need a static NAT rule to allow access to the FTP server and an ACL allowing the ports.
i.e.
Let's say your internal FTP is 10.1.1.1 and the public IP will be 200.1.1.1
So, you requiere a static translation rule (ASDM or CLI) and an ACL permitting FTP from any source to the public IP.
If you want to do it via CLI you can post the following:
sh run static
sh run access-group
sh run access-list NAME --> change NAME for the name of the ACL applied to the outside interface
Federico.
12-02-2010 01:02 PM
hi,
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/objectgroups.html
11-30-2010 12:21 PM
Hi,
To allow FTP traffic you need a static NAT rule to allow access to the FTP server and an ACL allowing the ports.
i.e.
Let's say your internal FTP is 10.1.1.1 and the public IP will be 200.1.1.1
So, you requiere a static translation rule (ASDM or CLI) and an ACL permitting FTP from any source to the public IP.
If you want to do it via CLI you can post the following:
sh run static
sh run access-group
sh run access-list NAME --> change NAME for the name of the ACL applied to the outside interface
Federico.
12-02-2010 11:50 AM
Thanx
12-02-2010 11:56 AM
What is the IP of the FTP server behind the ASA?
Adding to the list you will need:
static (in,out) tcp PUBLIC_IP 21 PRIVATE_IP 21
access-list outside_access_in permit tcp any host PUBLIC_IP eq 21
Federico.
12-02-2010 12:29 PM
12-02-2010 12:58 PM
If it's to allow outbound FTP access to an external server, you should add the IP of the server to the object-group.
If from an internal computer you try to connect to this new FTP server what happen?
Can you reach it via telnet x.x.x.x 2?
Federico.
12-02-2010 01:02 PM
hi,
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/objectgroups.html
12-03-2010 09:43 AM
Thanx for your help guys. That doc looks like what
I am looking for.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide