Configure a PIX 515 for FTP access to Web Server

Posted on 2005-05-03
Last Modified: 2013-11-29
I am supporting a PIX 515 in a Windows 2000 domain. We have a Web Server that is set up in a "DMZ".
The inside (Network Gateway) IP is
The Outside IP is
Both the Cisco and the Web Server are connected to a Cayman Router (DSL).
I need to enable FTP access to the Web Server, only for users "inside the Firewall".
What lines do I need to add to the PIX configuration?
Question by:cookd47
    LVL 16

    Expert Comment

    Do you use PDM?  If so, it's quite easy to add a route from the internal network to the DMZ for traffic on TCP ports 20 and 21.

    If, like me, your knowledge of Cisco Language is pretty sparse (or nonexistent), it is the easiest way to graphically configure your 515.  I use it to monitor the traffic passing through the firewall as well!!!

    Author Comment

    I do not use PDM.
    I prefer to edit the Configuration, to only allow internal users to access the Web Server.
    LVL 32

    Accepted Solution

    By default, traffic from the inside (a higher ASA security level) is allowed to the DMZ (lower ASA security level).
    It is the return traffic to the inside network that you need to address. Make sure "fixup protocol ftp" is issued.
    On the inside interface apply an ACL to allow the return traffic back in:

    access-list 100 permit tcp any host xx.xx.xx.xx eq ftp
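
An added example, not part of the thread and not Cisco tooling: a small Python check that a saved PIX configuration contains the three items the accepted answer names (FTP fixup enabled, an ACL entry permitting FTP to the server, and that ACL bound to the inside interface). The sample configuration, the 192.0.2.10 address and the helper name `audit_ftp` are constructed for illustration.

```python
import re

# Constructed sample of a PIX 6.x running-config excerpt (addresses are
# documentation placeholders, not values from the thread).
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
fixup protocol ftp 21
access-list 100 permit tcp any host 192.0.2.10 eq ftp
access-list 101 permit tcp any host 192.0.2.10 eq www
access-group 100 in interface inside
"""

ACE_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+tcp\s+(.+?)\s+host\s+(\S+)\s+eq\s+(ftp|21)\s*$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)\s*$")


def audit_ftp(config: str, server: str) -> dict:
    """Check the three items from the accepted answer for one DMZ server."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    # 1. FTP inspection must be enabled; a "no fixup protocol ftp" line
    #    does not match because the pattern is anchored at line start.
    fixup = any(re.match(r"^fixup protocol ftp\b", ln) for ln in lines)
    # 2. ACL entries permitting FTP control traffic to the server,
    #    keyed by ACL name, with the source each entry allows.
    acls = {}
    for ln in lines:
        m = ACE_RE.match(ln)
        if m and m.group(3) == server:
            acls.setdefault(m.group(1), []).append(m.group(2))
    # 3. Which of those ACLs are actually bound with access-group.
    bound = {}
    for ln in lines:
        m = GROUP_RE.match(ln)
        if m and m.group(1) in acls:
            bound[m.group(1)] = m.group(2)
    return {"fixup_ftp": fixup, "ftp_acls": acls, "bound": bound,
            "ok": fixup and "inside" in bound.values()}


if __name__ == "__main__":
    print(audit_ftp(SAMPLE_CONFIG, "192.0.2.10"))
```

The `ftp_acls` sources show at a glance whether an entry uses `any` or a specific inside network, which matters when access is meant for inside users only.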


    Author Comment

    I will be back on site tomorrow to test
