• Status: Solved

Configure a PIX 515 for FTP access to Web Server

I am supporting a PIX 515 in a Windows 2000 domain. We have a Web Server that is set up in a "DMZ".
The inside (Network Gateway) IP is 10.1.1.1.
The Outside IP is 10.1.2.2.
Both the Cisco and the Web Server are connected to a Cayman Router (DSL).
I need to enable FTP access to the Web Server, only for users "inside the Firewall".
What lines do I need to add to the PIX configuration?
Asked:
cookd47
1 Solution
 
Wadski (IT Director) Commented:
Do you use PDM?  If so, it's quite easy to add a route from the internal network to the DMZ for traffic on TCP port 20 and 21.

If, like me, your knowledge of Cisco Language is pretty sparse (or nonexistent), it is the easiest way to graphically configure your 515.  I use it to monitor the traffic passing through the firewall as well!!!
 
cookd47 (Author) Commented:
I do not use PDM.
I prefer to edit the Configuration, to only allow internal users to access the Web Server.
 
harbor235 Commented:
By default, traffic from the inside (a higher ASA security level) is allowed to the DMZ (lower ASA security level).
It is the return traffic to the inside network that you need to address. Make sure "fixup protocol ftp" is issued.
On the inside interface, apply an ACL to allow the return traffic back in:

access-list 100 permit tcp any host xx.xx.xx.xx eq ftp

harbor235
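Added example (not part of the thread, and not Cisco code): a small Python model of why FTP from the inside to a DMZ server depends on protocol inspection such as "fixup protocol ftp". It decodes the data endpoint negotiated on the control channel and reports whether the resulting data connection would run from the lower to the higher security level. The host addresses, the DMZ level of 50 and the absence of address translation are assumptions made for the example.

```python
import ipaddress
import re

# Assumed levels: inside=100 is the PIX default; dmz=50 is an assumption.
SECURITY_LEVEL = {"inside": 100, "dmz": 50}
# Constructed sample addresses (the page does not give the hosts' addresses).
CLIENT_IP = "10.1.1.50"   # hypothetical inside user
SERVER_IP = "192.0.2.10"  # hypothetical DMZ web/FTP server

_PORT = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)
_PASV = re.compile(r"^227\s.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def _endpoint(fields):
    """Decode h1,h2,h3,h4,p1,p2 into (address string, TCP port)."""
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range 0-255")
    return str(ipaddress.IPv4Address(".".join(map(str, nums[:4])))), nums[4] * 256 + nums[5]


def data_channel(line, client_ip=CLIENT_IP, server_ip=SERVER_IP):
    """Return the data connection negotiated by one control-channel line, or None."""
    line = line.strip()
    active = _PORT.match(line)
    passive = None if active else _PASV.match(line)
    if not (active or passive):
        return None
    ip, port = _endpoint((active or passive).groups())
    # Active: the server connects to the client. Passive: the client connects to the server.
    expected, src, dst = (client_ip, "dmz", "inside") if active else (server_ip, "inside", "dmz")
    if ip != expected:
        # This example refuses a data endpoint that is not the control-channel peer.
        raise ValueError(f"negotiated address {ip} is not {expected}")
    return {
        "mode": "active" if active else "passive",
        "from": src, "to": dst, "ip": ip, "port": port,
        # Lower -> higher security level is denied unless opened dynamically.
        "needs_dynamic_opening": SECURITY_LEVEL[src] < SECURITY_LEVEL[dst],
    }


if __name__ == "__main__":
    for sample in ("USER anonymous", "PORT 10,1,1,50,19,137",
                   "227 Entering Passive Mode (192,0,2,10,195,80)"):
        print(sample, "->", data_channel(sample))
```
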
 
cookd47 (Author) Commented:
I will be back on site tomorrow to test.