04-13-2012 11:43 AM - edited 03-11-2019 03:53 PM
Hi Experts,
We have an ASA 5510 as a firewall in our environment, and there is a requirement to access an FTPS server from our location. Currently, at the server location they have configured everything by allowing our public IP to their server, and they gave the following details to access FTP.
Server address for accessing ftp > ftp://ftp.<server address>.com
FTPS Access from port 990 (Implicit)
User ID: <user id>
Password:<password>
Please suggest which traffic needs to be allowed in our ASA to access the FTP server address mentioned above. From my initial analysis, I found that port 989 is also enabled for the access, but that was not mentioned by them.
Any advice or suggestions regarding this are highly appreciated.
Regards,
Sihanu N
04-13-2012 03:21 PM
Hello Sihanu,
So the Secure FTP server will be outside your network.
All you need to do is open the required TCP ports (in this case 990) on the interface where the clients are going to be.
Let's focus on the following topology:
PC1------------(inside)ASA(outside)--------------INTERNET---------------SFTP
All you will need to do, if you have an ACL on the inside interface, is add a line:
access-list test permit tcp host PC1 host SFTP eq 990
I think this document will help:
https://supportforums.cisco.com/docs/DOC-23206
You will need to focus on the scenario 2:
Client on the inside and server on the outside, Server on Passive mode.
Same thing: the client initiates the connection on port 990/22, the server agrees and waits for the client to send the PORT command. The client then initiates the connection to the outside world on that n+1 port to the server, and everything is going to work fine.
This may sound a little complicated; what you need to understand is that the firewall cannot open the data channel, because the control channel is encrypted. Make sure that the data channel is seen by the firewall as a regular connection.
Regards,
Do rate all the helpful posts
Julio
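Putting the advice above into a complete ASA fragment (an added example, not part of Julio's post or any Cisco document): it assumes hypothetical addresses 192.168.1.10 for PC1 and 203.0.113.5 for the FTPS server, and assumes the server's passive data-port range is 50000-50100; the real range must come from the server administrators, because the ASA cannot learn it from the TLS-encrypted control channel.

```text
! Hypothetical hosts (not from the thread)
object network PC1
 host 192.168.1.10
object network SFTP
 host 203.0.113.5
!
! Implicit FTPS control channel on TCP 990 (from the thread)
access-list inside_in extended permit tcp object PC1 object SFTP eq 990
!
! Port 989 was also seen open on the server side; it is the registered
! ftps-data port, so permit it in case the server uses it for data.
access-list inside_in extended permit tcp object PC1 object SFTP eq 989
!
! The control channel is encrypted, so "inspect ftp" cannot read the
! PASV reply and pinhole the data port. Permit the server's passive
! range explicitly (assumed 50000-50100 here; confirm with the server owner).
access-list inside_in extended permit tcp object PC1 object SFTP range 50000 50100
!
! Apply the ACL inbound on the interface the client sits behind
access-group inside_in in interface inside
!
! Verify hits after a transfer: the 990 line and at least one data-port
! line should show a non-zero hitcnt.
show access-list inside_in
```

Keep the client in passive mode so that every data connection is opened from the inside, which is what lets the ASA treat it as an ordinary outbound TCP session.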