11-12-2012 10:35 PM - edited 03-11-2019 05:22 PM
Dear All,
How can I allow passive ftp communication in PIX 6.3(5)106.
Thank You,
Abhisar.
Solved! Go to Solution.
11-13-2012 12:37 AM
Is this for outbound or inbound FTP?
For outbound FTP:
1) Configure:
fixup protocol ftp 21
2) Then if you have any access-list on the inside interface, allow tcp/21
For inbound FTP:
1) Configure:
fixup protocol ftp 21
2) Configure static NAT statement for the FTP server
3) Configure access-list on the outside interface to allow TCP/21 on the NATed IP.
11-13-2012 12:37 AM
Is this for outbound or inbound FTP?
For outbound FTP:
1) Configure:
fixup protocol ftp 21
2) Then if you have any access-list on the inside interface, allow tcp/21
For inbound FTP:
1) Configure:
fixup protocol ftp 21
2) Configure static NAT statement for the FTP server
3) Configure access-list on the outside interface to allow TCP/21 on the NATed IP.
11-13-2012 12:50 AM
Thank You Jennifer,
It is outboud ftp, all the mentioned things are alreay configured. We can login to the FTP server but can not pull the data.
Also, I have added following command but still no change in the result.
fixup protocol ftp 20
Thank You,
Abhisar.
11-13-2012 01:08 AM
Pls kindly remove: fixup protocol ftp 20
as that actually breaks it.
11-13-2012 02:55 AM
Dear Jennifer,
Now it is working, issue was in switch ACL, we allowed 20,21,1024-65535 ports on the switch.
fixup protocol ftp 21 is working fine in pix.
Thank You,
Abhisar.
11-13-2012 03:40 AM
Excellent.. thanks for the update and ratings.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: