
Passive FTP assistance

cisco24x7
Level 6

Linux_FTP_Server---(i)Pix(o)----Linux_FTP_Client

Pix is running version 7.2(2)

FTP_Server: 192.168.1.2/24

Pix inside: 192.168.1.1/24

Pix outside: 1.1.1.1/24

FTP_client: 1.1.1.10/24

static (inside,outside) 1.1.1.2 192.168.1.2 netmask 255.255.255.255

access-list External permit icmp any host 1.1.1.2 log

access-list External permit tcp any host 1.1.1.2 eq 21 log

access-group External in interface outside

Is it possible to allow ONLY passive FTP through the firewall? In other words, FTP_client can only do passive ftp with the server. Active FTP will be rejected by the firewall.

If it is possible, how does one go about doing it?

Thanks.

3 Replies

cisco24x7
Level 6

Anyone know the work-around on the firewall for this? Thanks.

gbudd12345
Level 1

If you remove the FTP inspection and open access to your server on ports 21 and 20... it might prevent passive FTP.

--Gavin Budd

Have you tried it, and does it work for you?

CCIE Security
