allow FTP site

Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.
Guest

allow FTP site

Post by Guest » Sat Jan 01, 2005 5:43 pm

Noob here. I want to allow an ftp site for our users. I know how to do it via ASDM but have been wanting to use CLI.Looked online but haven been able to find what im looking for.

Guest

Re:allow FTP site

Post by Guest » Sat Jan 01, 2005 6:54 pm

Hi, To allow FTP traffic you need a static NAT rule to allow access to the FTP server and an ACL allowing the ports. i.e.Lets say your internal FTP is 10.1.1.1 and the public IP will be 200.1.1.1 So, you requiere a static translation rule (ASDM or CLI) and an ACL permitting FTP from any source to the public IP. If you want to do it via CLI you can post the following: sh run staticsh run access-groupsh run access-list NAME   --> change NAME for the name of the ACL applied to the outside interface Federico.

Guest

Re:allow FTP site

Post by Guest » Sat Jan 01, 2005 6:55 pm

Thanx

Guest

Re:allow FTP site

Post by Guest » Sat Jan 01, 2005 8:09 pm

What is the IP of the FTP server behind the ASA? Adding to the list you will need: static (in,out) tcp PUBLIC_IP 21 PRIVATE_IP 21access-list outside_access_in permit tcp any host PUBLIC_IP eq 21 Federico.

Guest

Re:allow FTP site

Post by Guest » Sat Jan 01, 2005 8:11 pm

We dont have FTP server. This is for ftp sites that we need to access. For example thru ASDM to allow acces to an FTP site I would go to Configuration>Firewall>Objects>Network Objects/Groups> and Ill add the IP and name. See attached.

Post Reply