match active-ftp, match passive-ftp ASA commands

From Command reference:

http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/m.html#wp2115726

match active-ftp and match passive-ftp commands

These commands can be configured in an FTP class map or policy map.

Are these commands still valid? I can't locate these commands in my ASA running 8.4.1

ASA5505(config)# class-map type inspect ftp ftpcm

ASA5505(config-cmap)# match ?

mpf-class-map mode commands/options:
  filename         Match a filename for FTP transfer
  filetype         Match a filetype for FTP transfer
  not              Negate this match result
  request-command  Match a FTP request command
  server           Match a FTP server
  username         Match a FTP user

Thanks

Pat

1 ACCEPTED SOLUTION

Hi Plao,

The command is still there, but you are looking in the wrong place; this is a policy-map command:

hostname(config)# policy-map type inspect ftp inspect-strict-ftp

hostname(config-pmap)# parameters

hostname(config-pmap-p)# match active-ftp 

hostname(config-pmap-p)# reset

hostname(config-pmap-p)# match passive-ftp

hostname(config-pmap-p)# reset log

hostname(config-pmap-p)# exit

You are looking under the class-map.

Hope this helps

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC

Thank you very much

No Problem

Please mark this thread as answered and do rate helpful posts.

-Varun

Hmm, under my FTP inspect policy-map parameters setting, I don't see those match commands?

ASA5540(config)# policy-map type inspect ftp strict


ASA5540(config-pmap)# parameters


ASA5540(config-pmap-p)# ?

MPF policy-map parameter configuration commands:
  exit             Exit from MPF policy-map parameter configuration submode
  help             Help for MPF policy-map parameter submode commands
  mask-banner      Mask greeting banner from FTP server
  mask-syst-reply  Mask reply to syst command
  no               Negate or set default values of a command
  quit             Exit from MPF policy-map parameter configuration submode


ASA5540(config-pmap-p)# match active-ftp
                                                        ^
ERROR: % Invalid input detected at '^' marker.
ASA5540(config-pmap-p)#

ASA5540(config-pmap-p)# sh ver

Cisco Adaptive Security Appliance Software Version 8.4(1)
Device Manager Version 6.4(1)

Hi Plao,

I am on my way to the office; I will verify it on my firewall and let you know.

-Varun
