Allowing Inside Users to FTP on DMZ Interface

mnlatif
Level 3

Hi,

I have an FTP server on the DMZ interface, to which I want to allow inside users access.

With the current configuration, I have ALL inside users being NATed to the outside interface for web access.

< nat (inside) 1 0.0.0.0 0.0.0.0 0 0>

<global (outside)....>

Is it possible to have inside users access the FTP server "without" using NAT?

Should I use the <nat 0 ..> command? If I use this "nat 0.." command, would it affect my existing NAT configuration?

2 Replies

mnlatif
Level 3

Okay, figured it out. No need to define any NAT or static statements.

FTP is working okay; however, ICMP was being denied, even though I had .. statements defined.

ICMP worked when I applied an inbound access-list on the DMZ interface.

Why is that? Is an ACL also needed in addition to statement for allowing ICMP?

Hi,

ICMP is a connectionless protocol, so there is no entry in the state table. This means that the PIX does not recognize the reply packet and treats it as a new connection. So if you use ACLs, you have to permit ICMP on both interfaces; if you use conduit, then one is enough.
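
The return-path rule described in the reply above, as an added example that is not part of the original thread: a DMZ inbound ACL limited to the ICMP reply types the inside hosts need, rather than a blanket ICMP permit. The addresses, the interface name `dmz` and the ACL name `acl_dmz` are assumptions, since the thread does not show them.

```cisco
: Constructed example, not configuration from the thread.
: Assumed placeholders: 192.168.50.10 = FTP server on the DMZ,
:                       10.0.0.0/24   = inside network,
:                       "dmz"         = name of the DMZ interface.
:
: Replies to pings sent from inside arrive on the DMZ interface as
: unsolicited packets, so they must be permitted explicitly there.
: Only the reply and error types are allowed; echo (ping initiated
: from the DMZ towards inside) stays blocked by the implicit deny.
access-list acl_dmz permit icmp host 192.168.50.10 10.0.0.0 255.255.255.0 echo-reply
access-list acl_dmz permit icmp host 192.168.50.10 10.0.0.0 255.255.255.0 unreachable
access-list acl_dmz permit icmp host 192.168.50.10 10.0.0.0 255.255.255.0 time-exceeded
access-group acl_dmz in interface dmz
:
: An entry on the inside interface is only needed if an ACL is already
: applied there; with no ACL bound to inside, traffic from inside to the
: lower-security DMZ is permitted by default. If one is bound, add:
: access-list <existing inside ACL> permit icmp 10.0.0.0 255.255.255.0 host 192.168.50.10 echo
```

Binding an ACL to an interface brings an implicit deny for everything it does not list, so any other traffic the DMZ hosts legitimately initiate has to be permitted in the same ACL.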