11-12-2012 10:35 PM - edited 03-11-2019 05:22 PM
Dear All,
How can I allow passive FTP communication in PIX 6.3(5)106?
Thank You,
Abhisar.
11-13-2012 12:37 AM
Is this for outbound or inbound FTP?
For outbound FTP:
1) Configure:
fixup protocol ftp 21
2) Then if you have any access-list on the inside interface, allow tcp/21
For inbound FTP:
1) Configure:
fixup protocol ftp 21
2) Configure static NAT statement for the FTP server
3) Configure access-list on the outside interface to allow TCP/21 on the NATed IP.
11-13-2012 12:50 AM
Thank You Jennifer,
It is outbound FTP; all the mentioned things are already configured. We can log in to the FTP server but cannot pull the data.
Also, I have added the following command, but there is still no change in the result.
fixup protocol ftp 20
Thank You,
Abhisar.
11-13-2012 01:08 AM
Pls kindly remove: fixup protocol ftp 20
as that actually breaks it.
11-13-2012 02:55 AM
Dear Jennifer,
Now it is working. The issue was in the switch ACL; we allowed ports 20, 21 and 1024-65535 on the switch.
fixup protocol ftp 21 is working fine on the PIX.
Thank You,
Abhisar.
11-13-2012 03:40 AM
Excellent.. thanks for the update and ratings.
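Added example, not part of the original thread: in passive mode the server announces the data port in its 227 reply on the control channel (TCP/21), which is why the fixup belongs on port 21 and why a stateless ACL on the path needs the high-port range the thread ended up allowing. The addresses and replies below are constructed, and the function names are hypothetical.

```python
import re

# Constructed control-channel replies in RFC 959 format (documentation addresses).
SAMPLE_CONTROL = [
    "220 FTP server ready",
    "331 Password required",
    "230 User logged in",
    "227 Entering Passive Mode (198,51,100,20,195,80)",
    "150 Opening data connection",
]

PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)

def parse_pasv(line):
    """Return (ip, port) from a 227 reply, or None if the line is not a valid one."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # each field is a single octet
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # data port = p1 * 256 + p2
    return ip, port

def required_flows(client_ip, server_ip, control_lines):
    """List the (src, dst, dst_port) TCP flows the path must permit for this session."""
    flows = [(client_ip, server_ip, 21)]  # control channel
    for line in control_lines:
        endpoint = parse_pasv(line)
        if endpoint:
            # Passive mode: the client opens the data connection to the announced port.
            flows.append((client_ip, endpoint[0], endpoint[1]))
    return flows

def static_acl_permits(dport, allowed=((20, 21), (1024, 65535))):
    """Stateless port check; the default ranges are the ones mentioned in the thread."""
    return any(lo <= dport <= hi for lo, hi in allowed)

if __name__ == "__main__":
    for src, dst, dport in required_flows("192.0.2.10", "198.51.100.20", SAMPLE_CONTROL):
        print(src, "->", dst, "tcp/%d" % dport, "permitted:", static_acl_permits(dport))
```

With only ports 20 and 21 allowed, the control connection passes (login works) while the data connection to the announced high port is dropped, which matches the symptom described in the thread.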