Configuring explicit FTP over TLS outbound on Cisco ASA


We have a Cisco ASA and the IOS is post 8.4.

I have a few internal systems and servers (see the created object group below) that make up our "user acceptance testing" (UAT) environment (security level 50). They will need access to a publicly accessible FTPS (FTP over TLS) server. Do I need to define destination port 990 in the ACL as listed below? What about the data traffic? Do I define a port range in an additional ACL to use for the return traffic? Do I even need to do this, since it is from within my network outbound to a host on the internet? (PAT)
FTP on the ASA is set as passive.


object-group network UAT-****
 network-object object ***uat
 network-object object uat***01
 network-object object uat****01
 network-object object ***uat04
 network-object object UAT-PAT
 network-object object UAT-PAT2

object network ftps.*******.com
 host xxx.xxx.180.229
 description FTP over TLS site

object-group service FTP-TLS tcp
 description FTP using TLS
 port-object eq 990

access-list uat extended permit tcp object-group UAT-**** object ftps.*******.com object-group FTP-TLS


Why can't people just use SFTP :(
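The following is an added example configuration for the scenario in the question; it is not the poster's configuration and not the reply's. It assumes the UAT-side interface is named "uat", the outside interface "outside", a constructed UAT subnet 10.50.0.0/24, a placeholder server address 203.0.113.10, and a server passive port range of 50000-51000 (which must be taken from the real server's configuration). The points it illustrates: explicit FTPS negotiates TLS on the normal control port (AUTH TLS on tcp/21) and tcp/990 is the implicit-FTPS control port, so the service group should match the mode the server actually uses; once the control channel is encrypted the ASA's FTP inspection engine cannot read the PASV reply to open the data pinhole dynamically, so the passive data range has to be permitted statically; and the ASA's stateful connection table already allows the return packets of each permitted connection, so no separate "return" ACL is needed.

```cisco
! Added example, not the poster's config. Interface names, addresses and
! the passive port range are assumptions.
object network UAT-SUBNET
 subnet 10.50.0.0 255.255.255.0
 description UAT hosts that need outbound FTPS (constructed range)
 nat (uat,outside) dynamic interface

object network FTPS-SERVER
 host 203.0.113.10
 description Public FTP over TLS server (placeholder address)

! Explicit FTPS: client connects to tcp/21 and issues AUTH TLS.
! tcp/990 is only the implicit-FTPS control port; keep it only if the
! server really runs implicit mode.
object-group service FTPS-CONTROL tcp
 description FTPS control channel
 port-object eq ftp
 port-object eq 990

! Passive data connections go to whatever port the server advertises in
! its (now encrypted) PASV reply. FTP inspection cannot see that reply, so
! the server's passive range must be permitted explicitly. 50000-51000 is
! an assumed value; use the range published by the server operator.
object-group service FTPS-PASV-DATA tcp
 description FTPS passive data channel (server-defined range)
 port-object range 50000 51000

! Outbound ACL applied inbound on the UAT interface. Returning packets of
! each permitted TCP connection are allowed by the connection table, so
! nothing needs to be opened on the outside interface for them.
access-list uat extended permit tcp object UAT-SUBNET object FTPS-SERVER object-group FTPS-CONTROL
access-list uat extended permit tcp object UAT-SUBNET object FTPS-SERVER object-group FTPS-PASV-DATA
access-group uat in interface uat
```

To check the policy before a change window, packet-tracer simulates the control and data connections through the ACL and NAT rules, for example `packet-tracer input uat tcp 10.50.0.5 40000 203.0.113.10 21` and the same command with destination port 50000; `show conn address 203.0.113.10` afterwards shows whether the data connection was actually built. Keeping the passive range as narrow as the server allows limits how much of the outside host the UAT segment can reach with this rule.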


That should cover the FTP; do you have any global NAT configuration?

BB