TOPIC: Allowing FTP through ASA/Firewall

Allowing FTP through ASA/Firewall 9 years 6 months ago #29095

  • timparker
I am having some issues with allowing this through our ASA. I started pulling the config apart to post but started googling and I see some stuff about having to allow other high ports. I currently have what I think are the correct ones, 21 and 20.

Anything blatant that I am missing, or should I continue to post the config here?

TIA.

Re: Allowing FTP through ASA/Firewall 9 years 6 months ago #29100

  • timparker
Never mind on this, I found the answer. For those that might want/need this later: I didn't have

fixup protocol ftp 21

In my config. Added it in and Poof it works!

Re: Allowing FTP through ASA/Firewall 9 years 6 months ago #29146

What exactly does that line do?

Re: Allowing FTP through ASA/Firewall 9 years 6 months ago #29150

  • timparker
That actually is the line from PIX 6.3 code. The ASA, though, I found out, converts it to the correct Policy Map, Traffic Inspection and Service Policy.

Re: Allowing FTP through ASA/Firewall 9 years 6 months ago #29158

  • Smurf
Basically, the Fixup allows the Firewall to inspect (inspect is actually what is used in version 7+) the traffic. It checks it for RFC Compliancy, etc., but more importantly it makes the firewall FTP aware. This means that the firewall can monitor the FTP Communication and can open the necessary secondary ports that are required with the FTP protocol (i.e. Port 21 for the Command; once data is actually being transmitted, Port 20 is used for the data, and this needs to be allowed through the firewall. While it's inspecting the traffic, the firewall will notice which port the traffic is coming from and dynamically open it).

It would be worth reading about it within this site, in particular the differences between PASV and ACTIVE (PORT) Modes http://www.firewall.cx/ftp.php
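
What "FTP aware" means in practice, as an added example (not part of the original posts and not Cisco's implementation): a simplified parser reads the control channel on port 21 and derives the data-channel address and port that an inspecting firewall would have to open, for both PORT (active) and PASV (passive) mode. The function names and the sample session are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

class Pinhole(NamedTuple):
    mode: str      # "active" (client sent PORT) or "passive" (server sent 227)
    listener: str  # side that waits for the data connection
    ip: str
    port: int

# h1,h2,h3,h4,p1,p2 as carried by PORT and by the 227 reply (RFC 959)
_HOSTPORT = re.compile(
    r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_control_line(line: str, from_client: bool) -> Optional[Pinhole]:
    """Return the data endpoint negotiated by one control line, else None."""
    text = line.strip()
    if from_client and text.upper().startswith("PORT "):
        mode, listener = "active", "client"
        match = _HOSTPORT.fullmatch(text[5:].strip())
    elif not from_client and text.startswith("227"):
        mode, listener = "passive", "server"
        match = _HOSTPORT.search(text)
    else:
        return None
    if match is None:
        return None
    nums = [int(g) for g in match.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet: open nothing
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # port is sent as two bytes
    return Pinhole(mode, listener, ip, port)

def pinholes(session):
    """Collect every data-channel endpoint seen in (line, from_client) pairs."""
    return [p for line, fc in session if (p := parse_control_line(line, fc))]

# Constructed sample control-channel session (documentation addresses).
SESSION = [
    ("220 FTP ready", False),
    ("USER demo", True),
    ("PORT 192,0,2,10,195,80", True),        # 195*256 + 80 = 50000
    ("200 PORT command successful", False),
    ("PASV", True),
    ("227 Entering Passive Mode (198,51,100,5,19,137)", False),  # 5001
]

if __name__ == "__main__":
    for hole in pinholes(SESSION):
        print(hole)
```

Without inspection, neither port 50000 nor port 5001 in this sample would be covered by a rule that only permits ports 21 and 20, which is the symptom described in the first post.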

Re: Allowing FTP through ASA/Firewall 9 years 6 months ago #29195

Thank you for the info. I will check that out.