01-20-2003 08:34 PM - edited 03-09-2019 01:45 AM
Question:
My router is doing both static NAT and dynamic from a pool of public addresses. When I execute a sh ip nat trans command, the output shows most of my Inside local and global addresses, both static and dynamic, with a following TCP port of 21. Why is that? Will I need to consider this when building my access-lists?
Thanks!
01-24-2003 11:53 AM
TCP 21 is FTP control, probably more users on your network are initiating file transfers. If you want users not to do any file transfers, you can block them using an access list.
01-24-2003 12:40 PM
Thanks for the reply.
I realize that 21 is the standard representation for FTP control, but every single nat translation on the inside has the :21 referenced after it and there is simply no possible way that every user on the network has initiated a file transfer? Any other thoughts or possibilities?