Configuring explicit FTP over TLS outbound on Cisco ASA

jroy777
Level 1

We have a Cisco ASA, and the IOS is post-8.4.

I have a few internal systems and servers (see the object group created below) called our "user acceptance testing" (UAT) environment (security level 50). They will need access to a publicly accessible FTPS (FTP over TLS) server. Do I need to define a destination port of 990, as listed below in the ACL? What about the data traffic? Do I define a port range on an additional ACL to use for return? Do I even need to do this, since it is from within my network outbound to a host on the internet? (PAT)
FTP on the ASA is set as passive.


object-group network UAT-****
 network-object object ***uat
 network-object object uat***01
 network-object object uat****01
 network-object object ***uat04
 network-object object UAT-PAT
 network-object object UAT-PAT2

object network ftps.*******.com
 host xxx.xxx.180.229
 description FTP over TLS site

object-group service FTP-TLS tcp
 description FTP using TLS
 port-object eq 990

access-list uat extended permit tcp object-group UAT-**** object ftps.*******.com object-group FTP-TLS


Why can't people just use SFTP :(

1 Reply

balaji.bandi
Hall of Fame

That should cover the FTP. Do you have any Global NAT configuration?

BB
