FTP access rule not working

Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.
sparky
Hello I'm new here
Posts: 4
Joined: Wed Jul 20, 2011 12:42 am
Location: UK

Post by sparky » Wed Jul 20, 2011 12:47 am

Hi all, new here so be gentle :)

I've added an access rule for our inside to permit object (testftp) to any (0.0.0.0) for ftp (20/21) and it doesn't seem to work. If I change the ftp to http, browsing is fine, as it is if I set it to IP(0) or TCP(6).

Checking the logging when set to ftp I see:

106023 testftp 1089 62.216.233.142 14578 Deny tcp src inside:testftp/1089 dst outside:62.216.233.142/14578 by access-group "inside_access_in" [0x565b3da1, 0x0]

Having found the inside_access_in which resides in the ACL Manager, I see the same rule in there but cannot fathom it out.

I've done the same thing for a user that required ssh (sftp) and that worked fine. Is it something to do with the passive/active port numbers, etc?

I'm obviously missing something here so any guidance would be appreciated because I don't admit to being a Cisco guru by a long way.
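
Added example, not part of the original post: a Python check of the quoted 106023 line against the rule as the poster describes it (TCP to destination ports 20/21). It shows the denied flow targets port 14578, which a rule limited to 20/21 cannot match; reading that as an FTP data connection is an assumption the thread never confirms, and the second sample line is constructed for contrast.

```python
import re

# Body of an ASA 106023 deny message, in the layout shown in the post.
DENY_RE = re.compile(
    r'Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):(?P<src>[^/\s]+)/(?P<sport>\d+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst>[^/\s]+)/(?P<dport>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

# What the poster's rule permits: TCP to destination ports 20 and 21.
RULE_PROTO = "tcp"
RULE_DPORTS = frozenset({20, 21})

# The log line quoted in the post.
POST_LINE = ('106023 testftp 1089 62.216.233.142 14578 Deny tcp src '
             'inside:testftp/1089 dst outside:62.216.233.142/14578 by '
             'access-group "inside_access_in" [0x565b3da1, 0x0]')

# Constructed line for contrast (not from the post): same host, control port 21.
CONSTRUCTED_LINE = ('106023 testftp 1088 62.216.233.142 21 Deny tcp src '
                    'inside:testftp/1088 dst outside:62.216.233.142/21 by '
                    'access-group "inside_access_in" [0x0, 0x0]')


def parse_deny(line):
    """Return the fields of a 106023 deny line as a dict, or None."""
    m = DENY_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["sport"] = int(fields["sport"])
    fields["dport"] = int(fields["dport"])
    return fields


def classify(line):
    """Say whether the denied flow is one the port-based rule could match."""
    f = parse_deny(line)
    if f is None:
        return "no-match"
    if f["proto"] != RULE_PROTO or f["dport"] not in RULE_DPORTS:
        return "outside-rule"   # rule never applies, so the flow is denied
    return "inside-rule"        # ports match; check objects and rule order


if __name__ == "__main__":
    for line in (POST_LINE, CONSTRUCTED_LINE):
        print(classify(line), parse_deny(line))
```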

Re: FTP access rule not working

Post by sparky » Fri Sep 09, 2011 1:26 am

I got this sorted in the end.
