07-19-2011 04:16 PM - edited 03-11-2019 02:00 PM
From Command reference:
http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/m.html#wp2115726
match active-ftp and match passive-ftp commands
These commands can be configured in an FTP class map or policy map.
Are these commands still valid? I can't locate these commands in my ASA running 8.4.1
ASA5505(config)# class-map type inspect ftp ftpcm
ASA5505(config-cmap)# match ?
mpf-class-map mode commands/options:
filename Match a filename for FTP transfer
filetype Match a filetype for FTP transfer
not Negate this match result
request-command Match a FTP request command
server Match a FTP server
username Match a FTP user
Thanks
Pat
07-19-2011 07:26 PM
Hi Plao,
The command is still there, but you are looking in the wrong place; this is a policy-map command:
hostname(config)# policy-map type inspect ftp inspect-strict-ftp
hostname(config-pmap)# parameters
hostname(config-pmap-p)# match active-ftp
hostname(config-pmap-p)# reset
hostname(config-pmap-p)# match passive-ftp
hostname(config-pmap-p)# reset log
hostname(config-pmap-p)# exit
You are looking under the class-map.
Hope this helps
Thanks,
Varun
07-19-2011 08:15 PM
Thank you very much
07-19-2011 08:18 PM
No Problem
Please mark this thread as answered and do rate helpful posts.
-Varun
07-19-2011 08:37 PM
Hmm, under my FTP inspect policy-map, parameters setting, I don’t see those match commands?
ASA5540(config)# policy-map type inspect ftp strict
ASA5540(config-pmap)# parameters
ASA5540(config-pmap-p)# ?
MPF policy-map parameter configuration commands:
exit Exit from MPF policy-map parameter configuration submode
help Help for MPF policy-map parameter submode commands
mask-banner Mask greeting banner from FTP server
mask-syst-reply Mask reply to syst command
no Negate or set default values of a command
quit Exit from MPF policy-map parameter configuration submode
ASA5540(config-pmap-p)# match active-ftp
^
ERROR: % Invalid input detected at '^' marker.
ASA5540(config-pmap-p)#
ASA5540(config-pmap-p)# sh ver
Cisco Adaptive Security Appliance Software Version 8.4(1)
Device Manager Version 6.4(1)
07-19-2011 09:23 PM
Hi Plao,
I am on my way to the office; I will verify it on my firewall and let you know.
-Varun