07-04-2013 07:34 PM - edited 03-11-2019 07:07 PM
Hi Everyone,
I am trying to FTP from the PC behind the DMZ interface.
I have configured the ACL to allow FTP from the outside interface; the direction is outside.
I can make FTP work by configuring an ACL on the DMZ interface, but I want to test it so that it can work from my PC behind the DMZ interface when I apply the ACL on the outside interface, direction out.
I have attached the ASA config.
I need to know if there is any way under the current config that FTP can work without applying an ACL to the DMZ interface.
07-04-2013 10:32 PM
I can't look at your config at the moment (doesn't work on the iPad), but one alternative to an ACL on the DMZ interface could be to use a global ACL.
Sent from Cisco Technical Support iPad App
07-05-2013 01:11 AM
Hi Mahesh,
Apply that ACL in the incoming direction on the outside interface.
Cheers
Pankaj
07-05-2013 01:37 AM
"Apply that ACL in the incoming direction on the outside interface."
No, the ASA is a stateful firewall with FTP inspection. You never need an incoming ACL on the outside interface for outbound FTP when you have a proper config.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
07-05-2013 07:47 AM
Hi Karsten,
Your answers are good to read and they have so much knowledge.
For the time being I allowed FTP to any destination from the DMZ, but on the outbound interface, direction out, I have restricted it to certain IPs which are allowed.
Best regards
Mahesh
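The arrangement described in the last post, sketched as an ASA configuration fragment. This is an added example, not taken from the attached config or written by anyone in the thread; the interface names (dmz, outside), the ACL and object-group names, and all addresses are assumptions.

```text
! Constructed example: names and addresses below are placeholders.
!
! Destinations that may be reached by FTP through the outside interface
object-group network ALLOWED-FTP-SERVERS
 network-object host 198.51.100.10
 network-object host 198.51.100.20
!
! Inbound on the DMZ interface: DMZ hosts may open the FTP control
! connection (TCP/21) to any destination.
access-list DMZ_IN extended permit tcp 192.168.50.0 255.255.255.0 any eq ftp
access-group DMZ_IN in interface dmz
!
! Outbound on the outside interface: only the listed servers are permitted.
! This ACL filters traffic leaving "outside" from every other interface,
! and its implicit deny drops anything not matched here, so any other
! outbound traffic that must keep working needs its own permit entry.
access-list OUTSIDE_OUT extended permit tcp any object-group ALLOWED-FTP-SERVERS eq ftp
access-group OUTSIDE_OUT out interface outside
!
! FTP inspection follows the control channel and opens the negotiated data
! connection dynamically, so neither ACL needs entries for data ports and
! no inbound ACL on the outside interface is needed for outbound FTP.
! "inspect ftp" is part of the default global_policy; shown for completeness.
policy-map global_policy
 class inspection_default
  inspect ftp
service-policy global_policy global
!
! Alternative mentioned in the thread (ASA 8.3 and later): a global ACL
! instead of a per-interface DMZ ACL. It is evaluated for inbound traffic
! on all interfaces, after any interface-specific ACL.
! access-list GLOBAL_ACL extended permit tcp 192.168.50.0 255.255.255.0 any eq ftp
! access-group GLOBAL_ACL global
```

`show access-list OUTSIDE_OUT` and `show service-policy inspect ftp` show hit counts and inspection counters, which is a quick way to confirm which rule an FTP test from the DMZ host actually matched.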
