How to open up port 21 FTP on PIX 501

Posted on 2005-03-08
Medium Priority
Last Modified: 2007-02-13
What is the command to open up port 21 on a PIX firewall?

I am unable to post the current config now, because I'm not there yet.

They have a fixed IP address.

What the client wants to accomplish is to access an FTP server, download price lists, and upload their orders to that same FTP server.

Question by:daxa78

Accepted Solution

harbor235 earned 1000 total points
ID: 13486396
Are you doing NAT? You need to add an entry to your access-list:

access-list <number> permit tcp <source_address> <netmask> <destination_ip> <netmask> eq 21

You will need port 20 as well:

access-list <number> permit tcp <source_address> <netmask> <destination_ip> <netmask> eq 20

You may also need a translation from the public IP to your private (NAT'd) IP:

static (inside,outside) tcp x.x.x.x 21 y.y.y.y 21 netmask 0 0


Assisted Solution

russfly earned 1000 total points
ID: 13514476

3 assumptions here:
  xxx.xxx.xxx.0 = External IP address you want to use for ftp = Internal IP address of the email server that needs to receive the ftp traffic
  fixup protocol ftp 21 = is already configured on the firewall

First you would want to create an access list:
  access-list acl_out permit tcp any host xxx.xxx.xxx.0 eq ftp

Next you will need to create a static statement defining where the traffic needs to go:
  static (inside,outside) xxx.xxx.xxx.0 netmask 0 0

Finally, you want the firewall to use the access list you created which limits access to ftp:
  access-group acl_out in interface outside

Hope that helps!
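
Added example, not part of either answer above and not Cisco tooling: a small Python check that reads a PIX configuration and reports whether the pieces the answers name (fixup, an access-list entry for port 21, a static, and the access-group on outside) are all present, and that flags an FTP rule whose source is `any`. The sample config and its addresses are constructed placeholders, and the parser assumes access-list entries without source-port fields.

```python
import re

# Constructed sample config, not from the thread; addresses are placeholders
# taken from documentation and private ranges.
SAMPLE = """\
fixup protocol ftp 21
access-list acl_out permit tcp any host 192.0.2.10 eq ftp
static (inside,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
"""

def _addr(tokens):
    """Consume one PIX address spec: 'any', 'host A' or 'A MASK'."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    return tokens[0] + " " + tokens[1], tokens[2:]

def audit_ftp_publish(config):
    """Return findings for the fixup / ACL / static / access-group steps."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    if not any(re.match(r"fixup protocol ftp\b", l) for l in lines):
        findings.append("missing: fixup protocol ftp")
    bound = {m.group(1) for l in lines
             if (m := re.match(r"access-group (\S+) in interface outside$", l))}
    statics = {m.group(1) for l in lines
               if (m := re.match(r"static \(inside,outside\) (?:tcp )?(\S+)", l))}
    rules = [m for l in lines
             if (m := re.match(r"access-list (\S+) permit tcp (.+) eq (?:ftp|21)$", l))]
    if not rules:
        findings.append("missing: access-list entry permitting tcp eq ftp")
    for m in rules:
        name = m.group(1)
        try:
            src, rest = _addr(m.group(2).split())
            dst, _ = _addr(rest)
        except IndexError:
            findings.append(f"{name}: could not parse address fields")
            continue
        if name not in bound:
            findings.append(f"{name}: not applied with access-group on outside")
        if src == "any":
            findings.append(f"{name}: ftp to {dst} is open to any source")
        if dst not in statics:  # network or 'any' destinations are reported too
            findings.append(f"{name}: no static translation for {dst}")
    return findings
```

Calling `audit_ftp_publish(SAMPLE)` reports only the `any`-source rule; restricting the source to a known client address clears that finding.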
