FTP Through a PIX 515

abruso
Level 1

Hello,

Just wanted to run a few lines of my config by you guys. I want to host an FTP server on my internal network and allow people from the outside to access it.

All I would need to have in my config is something like this, right?

access-list outside_Access_in permit tcp any host 216.27.x.x eq ftp

static (inside,outside) 216.27.x.x 10.0.0.10 netmask 255.255.255.255 0 0

So, if someone types "ftp://216.27.x.x" in their browser, it should forward them to the internal PC with the IP address 10.0.0.10, correct?

Am I missing anything?

4 Replies

Patrick Iseli
Level 7

Yes, that looks OK.

access-list outside_Access_in permit tcp any host 216.27.x.x eq ftp

static (inside,outside) 216.27.x.x 10.0.0.10 netmask 255.255.255.255 0 0

access-group outside_Access_in in interface outside

fixup protocol ftp 21

Cisco config example:

Configuring the PIX Firewall with Mail Server Access on Inside Network

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094466.shtml

You may try a standard FTP client to test your FTP server instead of a browser. There might be a problem with reverse lookups of your external IPs, which just takes a lot of time, or problems with passive FTP.

sincerely

Patrick

armandoferreira
Level 1

Hi,

What version are you using? Is this relevant?

Maybe using:

fixup protocol ftp 21

and also:

access-group outside_access_in in interface outside

Sincerely,

Armando

I am using version 6.3.4, but this is not really relevant, I think?

1.) fixup protocol ftp 21

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a8.html#wp1067379

If you disable FTP fixups with the no fixup protocol ftp command, outbound users can start connections only in passive mode, and all inbound FTP is disabled.

2.) access-group outside_access_in in interface outside

Applies an access-list to an interface.

sincerely

Patrick
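The quoted Cisco text explains why `fixup protocol ftp` matters: the FTP control channel carries the data-channel endpoint inside the payload (the client's `PORT` command in active mode, the server's `227` reply in passive mode), so a firewall doing static NAT has to read and rewrite those lines and open the matching data-channel pinhole. The following is an added example, not code from the thread or from Cisco: a small Python model of that inspection. The static mapping, the client address and the captured control-channel lines are constructed for the example (the thread's `216.27.x.x` placeholder is replaced by a made-up `216.27.0.1`), and the bounce-attack check on `PORT` is a check this model applies, not a statement of what the PIX `strict` option does.

```python
"""Model of FTP control-channel inspection behind static NAT (added example).

Assumed (constructed) environment:
  inside FTP server 10.0.0.10 statically translated to outside 216.27.0.1,
  outside client 198.51.100.7.
"""
import re
from dataclasses import dataclass

# Constructed static NAT table: inside address -> outside address.
STATIC_NAT = {"10.0.0.10": "216.27.0.1"}

# Client command carrying the data endpoint in active mode.
_PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
# Server reply carrying the data endpoint in passive mode.
_PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


@dataclass
class Pinhole:
    """Data-channel connection the firewall must permit after inspection."""
    direction: str   # "inbound" (outside -> inside) or "outbound"
    dst_ip: str
    dst_port: int


def _decode(h1, h2, h3, h4, p1, p2):
    """Turn the six FTP address fields into (ip, port), validating ranges."""
    octets = [int(x) for x in (h1, h2, h3, h4)]
    if any(o > 255 for o in octets):
        raise ValueError("bad octet in FTP address")
    port = int(p1) * 256 + int(p2)
    if not 0 < port < 65536:
        raise ValueError("bad port in FTP address")
    return ".".join(str(o) for o in octets), port


def _encode(ip, port):
    """Inverse of _decode: 'a.b.c.d', port -> 'a,b,c,d,hi,lo'."""
    return "%s,%d,%d" % (ip.replace(".", ","), port // 256, port % 256)


def inspect_server_reply(line, fixup_enabled=True):
    """Inspect one server -> client (inside -> outside) control line.

    For a 227 passive-mode reply, rewrite the embedded inside address to its
    static outside address and open an inbound pinhole to the inside host on
    the advertised data port. Returns (line_to_forward, Pinhole or None).
    """
    m = _PASV_RE.match(line)
    if not (fixup_enabled and m):
        # No fixup: the line is forwarded untouched, the client is told to
        # connect to a private 10.x address, and no pinhole is opened, so
        # inbound passive FTP fails exactly as the Cisco text describes.
        return line, None
    inside_ip, port = _decode(*m.groups())
    outside_ip = STATIC_NAT.get(inside_ip, inside_ip)
    rewritten = line[:m.start(1)] + _encode(outside_ip, port) + line[m.end(6):]
    return rewritten, Pinhole("inbound", inside_ip, port)


def inspect_client_command(line, client_ip, fixup_enabled=True):
    """Inspect one client -> server (outside -> inside) control line.

    For a PORT command (active mode) the server will connect back to the
    client's advertised port, so that outbound data connection must be
    permitted. The address in PORT must be the client's own; a different
    address is the classic FTP bounce and is rejected here (example policy).
    """
    m = _PORT_RE.match(line)
    if not (fixup_enabled and m):
        return line, None
    ip, port = _decode(*m.groups())
    if ip != client_ip:
        raise ValueError("PORT names %s but client is %s" % (ip, client_ip))
    return line, Pinhole("outbound", ip, port)


if __name__ == "__main__":
    # Constructed control-channel lines for a quick demonstration.
    print(inspect_server_reply("227 Entering Passive Mode (10,0,0,10,1,166)\r\n"))
    print(inspect_client_command("PORT 198,51,100,7,195,89\r\n", "198.51.100.7"))
    print(inspect_server_reply("227 Entering Passive Mode (10,0,0,10,1,166)\r\n",
                               fixup_enabled=False))
```

Run it as a script to see the rewritten `227` reply and the pinholes; with `fixup_enabled=False` the reply still advertises `10.0.0.10` to the outside client, which is the failure mode behind "all inbound FTP is disabled".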

I am having a problem that fits in this same category. I have a 515 PIX and we are running an FTP server behind it. The server accepts FTP on 419 and I have fixup set to 419. The problem I am having is that the preferred vendor port for the data channel is 422, but whenever you choose 422 the PIX stops the TCP stream. If the same client enters a port of 1024 or higher it works. I have not entered the [strict] command so I am at a loss as to why the PIX is stopping this. I am running 6.3.1.
