cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1078
Views
0
Helpful
5
Replies

Passive FTP in PIX 6.3(5)106

abhisar patil
Level 1
Level 1

Dear All,

How can I allow passive ftp communication in PIX 6.3(5)106.

Thank You,

Abhisar.

1 Accepted Solution

Accepted Solutions

Jennifer Halim
Cisco Employee
Cisco Employee

Is this for outbound or inbound FTP?

For outbound FTP:

1) Configure:

fixup protocol ftp 21

2) Then if you have any access-list on the inside interface, allow tcp/21

For inbound FTP:

1) Configure:

fixup protocol ftp 21

2) Configure static NAT statement for the FTP server

3) Configure access-list on the outside interface to allow TCP/21 on the NATed IP.

View solution in original post

5 Replies 5

Jennifer Halim
Cisco Employee
Cisco Employee

Is this for outbound or inbound FTP?

For outbound FTP:

1) Configure:

fixup protocol ftp 21

2) Then if you have any access-list on the inside interface, allow tcp/21

For inbound FTP:

1) Configure:

fixup protocol ftp 21

2) Configure static NAT statement for the FTP server

3) Configure access-list on the outside interface to allow TCP/21 on the NATed IP.

Thank You Jennifer,

It is outboud ftp, all the mentioned things are alreay configured. We can login to the FTP server but can not pull the data.

Also, I have added following command but still no change in the result.

fixup protocol ftp 20

Thank You,

Abhisar.

Pls kindly remove: fixup protocol ftp 20

as that actually breaks it.

Dear Jennifer,

Now it is working, issue was in switch ACL, we allowed 20,21,1024-65535 ports on the switch.

fixup protocol ftp 21 is working fine in pix.

Thank You,

Abhisar.

Excellent.. thanks for the update and ratings.

Review Cisco Networking for a $25 gift card