FTP Problems

abruso
Level 1

I'm trying to FTP using SSL. I am aware that this cannot work through the PIX, so I am trying to connect to an FTP server (not maintained by us) over the Internet from a box that is outside our PIX, and I still can't connect using SSL/FTP. My question now is, do Cisco routers support this?

I'm not doing any kind of NAT on our perimeter router, but I do have a pretty extensive ACL on it. Someone else configured this ACL for us, and I'm still kind of new with this, but can someone tell me if anything in this ACL would stop SSL/FTP from working?

Here it is:

access-list 100 deny ip 127.0.0.0 0.255.255.255 any log
access-list 100 deny ip 255.0.0.0 0.255.255.255 any log
access-list 100 deny ip 224.0.0.0 7.255.255.255 any log
access-list 100 deny ip host 0.0.0.0 any log
access-list 100 deny ip 10.0.0.0 0.255.255.255 any log
access-list 100 deny ip 172.16.0.0 0.15.255.255 any log
access-list 100 deny ip 192.168.0.0 0.0.255.255 any log
access-list 100 deny udp any any eq 1
access-list 100 deny udp any any eq 5
access-list 100 deny udp any any eq echo
access-list 100 deny udp any any eq discard
access-list 100 deny udp any any eq 13
access-list 100 deny udp any any eq 17
access-list 100 deny udp any any eq 18
access-list 100 deny udp any any eq 19
access-list 100 deny udp any any eq bootpc
access-list 100 deny udp any any eq tftp
access-list 100 deny udp any any eq sunrpc
access-list 100 deny tcp any any eq 135
access-list 100 deny udp any any range netbios-ns netbios-ss
access-list 100 deny udp any any eq snmp log
access-list 100 deny udp any any eq snmptrap
access-list 100 deny tcp any any eq 445
access-list 100 deny udp any any eq 445
access-list 100 deny tcp any any eq 593
access-list 100 deny udp any any eq 593
access-list 100 deny tcp any any range exec cmd
access-list 100 deny udp any any eq who
access-list 100 deny udp any any eq talk
access-list 100 deny udp any any eq 1434
access-list 100 deny tcp any any eq 1434
access-list 100 permit tcp any any established
access-list 100 permit tcp any host 216.27.x.x gt 1023
access-list 100 deny tcp any any eq 3372
access-list 100 deny tcp any any eq 2049
access-list 100 deny udp any any eq 2049
access-list 100 deny tcp any any eq 4045
access-list 100 deny udp any any eq 4045
access-list 100 deny tcp any any eq 12345 log
access-list 100 deny udp any any eq 12345 log
access-list 100 deny tcp any any eq 27374 log
access-list 100 deny udp any any eq 27374 log
access-list 100 deny tcp any any eq 31337 log
access-list 100 deny udp any any eq 31337 log
access-list 100 deny tcp any any eq 31338 log
access-list 100 deny udp any any eq 31338 log
access-list 100 deny tcp any any eq 65000 log
access-list 100 deny udp any any eq 65000 log
access-list 100 permit udp any host 216.27.x.x eq domain
access-list 100 permit udp any any eq isakmp log
access-list 100 permit gre any any log
access-list 100 permit esp any any log
access-list 100 permit ahp any any log
access-list 100 permit tcp any any eq ident
access-list 100 permit udp any any eq 1701 log
access-list 100 permit tcp any any eq 1701 log
access-list 100 permit udp any any eq 1723 log
access-list 100 permit tcp any any eq 1723 log
access-list 100 permit tcp any any eq 709 log
access-list 100 permit tcp any any eq 389 log
access-list 100 permit tcp any any eq 5080 log
access-list 100 permit tcp any host 216.27.x.x eq smtp
access-list 100 permit tcp any host 216.27.x.x eq 443
access-list 100 permit tcp any host 216.27.x.x eq www
access-list 100 permit icmp any any echo-reply
access-list 100 permit udp any any eq domain
access-list 100 deny ip any any
!
line con 0
transport input none
line aux 0
line vty 0 4
access-class 1 in
password xxxxx
login
!
no scheduler allocate
end

Thanks.

3 Replies

scoclayton
Level 7

Are you using CBAC or anything else that will inspect the outbound traffic and open up a dynamic hole for the return traffic in your ACL? If not, then the very last line in this ACL is probably what is getting you. You are probably going to run into the same issue on the router as with the PIX but you can probably get around it on the router by just opening a huge hole to allow anything to the machine in question. Something like this:

access-list 100 permit ip any host A.B.C.D

Again, this is a wide open hole to this host, but it should work in a non-NAT setup if absolutely necessary. Good luck.

Scott

Okay, now I'm getting really confused. I installed WS_FTP on a machine outside the firewall (as I stated in original post) and even a regular FTP session won't work. However, a regular FTP session WILL work from a machine inside the firewall. What is going on?

I am guessing that 216.27.x.x is the PAT address on your PIX? If so, this is how it is working:

access-list 100 permit tcp any host 216.27.x.x gt 1023

As I am sure you already know, this is terribly insecure. You may want to look at adding CBAC (Content Based Access Control) to your external router instead of opening huge holes such as this.

Scott
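As an added illustration (not code from the thread or from Cisco), here is a small Python evaluator over the three ACL lines Scott points at, showing why an inbound FTP data connection is admitted to the PAT address but dropped for the box outside the PIX: `established` only matches segments with ACK/RST set, so a fresh inbound SYN from the server falls through to `deny ip any any` unless an explicit permit such as the `gt 1023` line covers the destination. That dynamic hole is what CBAC would open by watching the outbound control channel; with FTP over SSL the PORT/PASV exchange is encrypted, so neither CBAC nor the PIX fixup can read it, which is why this fails through the PIX. The addresses are constructed stand-ins (the page's 216.27.x.x is masked), and the evaluator handles only `any`/`host` addresses and numeric `eq`/`gt` ports.

```python
import ipaddress
# Constructed (RFC 5737) addresses: PAT_ADDR stands in for the thread's masked 216.27.x.x,
# OUTSIDE_BOX is the machine outside the PIX, FTP_SERVER the remote FTP server.
PAT_ADDR, OUTSIDE_BOX, FTP_SERVER = "203.0.113.10", "203.0.113.20", "198.51.100.5"
ACL = ["access-list 100 permit tcp any any established",  # the three lines that decide FTP return traffic
       f"access-list 100 permit tcp any host {PAT_ADDR} gt 1023",
       "access-list 100 deny ip any any"]

def _take_addr(tokens):
    # Consume 'any' or 'host A' (the only address forms these lines use); return (pred, rest).
    if tokens[0] == "any": return (lambda ip: True), tokens[1:]
    h = ipaddress.ip_address(tokens[1])
    return (lambda ip: ip == h), tokens[2:]

def _take_port(tokens):
    # Consume an optional numeric port operator 'eq N' / 'gt N'; return (pred, rest).
    ops = {"eq": int.__eq__, "gt": int.__gt__}
    if tokens and tokens[0] in ops:
        op, n = ops[tokens[0]], int(tokens[1])
        return (lambda p: op(p, n)), tokens[2:]
    return (lambda p: True), tokens

def parse_rule(line):
    # 'access-list N action proto src [op port] dst [op port] [established] [log]'
    action, proto, *rest = line.split()[2:]
    src, rest = _take_addr(rest)
    sport, rest = _take_port(rest)
    dst, rest = _take_addr(rest)
    dport, rest = _take_port(rest)
    established = "established" in rest
    def matches(pkt):
        ok = proto in ("ip", pkt["proto"]) and src(pkt["src"]) and dst(pkt["dst"]) \
            and sport(pkt["sport"]) and dport(pkt["dport"])
        # 'established' matches only segments with ACK (or RST) set; a fresh inbound SYN never does.
        return ok and (pkt["ack"] or not established)
    return action, matches

def evaluate(acl, pkt):
    # First match wins; Cisco's implicit deny applies if nothing matched.
    hits = [(act, line) for line in acl for act, m in [parse_rule(line)] if m(pkt)]
    return hits[0] if hits else ("deny", "(implicit deny)")

def tcp(src, dst, sport, dport, ack):
    return {"proto": "tcp", "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst), "sport": sport, "dport": dport, "ack": ack}

def ftp_scenarios():
    # Active-mode data channel: the server opens it from port 20 with a bare SYN (no ACK).
    # Control-channel and passive-mode replies carry ACK, so 'established' admits them anywhere.
    return {"active_data_to_outside_box": evaluate(ACL, tcp(FTP_SERVER, OUTSIDE_BOX, 20, 40000, False))[0],
            "active_data_to_pat_addr": evaluate(ACL, tcp(FTP_SERVER, PAT_ADDR, 20, 40000, False))[0],
            "reply_to_outside_box": evaluate(ACL, tcp(FTP_SERVER, OUTSIDE_BOX, 21, 40001, True))[0]}
```

Running `ftp_scenarios()` gives deny, permit, permit respectively, which matches what the thread observed: plain FTP works from inside (via the PAT address) but not from the outside box.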