• Status: Solved

Configure a PIX 515 for FTP access to Web Server

I am supporting a PIX 515 in a Windows 2000 domain. We have a Web Server that is set up in a "DMZ".
The inside (Network Gateway) IP is 10.1.1.1.
The Outside IP is 10.1.2.2.
Both the Cisco and the Web Server are connected to a Cayman Router (DSL).
I need to enable FTP access to the Web Server, only for users "inside the Firewall".
What lines do I need to add to the PIX configuration?
Asked by: cookd47
1 Solution
 
Wadski (IT Director) commented:
Do you use PDM? If so, it's quite easy to add a route from the internal network to the DMZ for traffic on TCP ports 20 and 21.

If, like me, your knowledge of Cisco language is pretty sparse (or nonexistent), it is the easiest way to graphically configure your 515. I use it to monitor the traffic passing through the firewall as well!!!
 
cookd47 (Author) commented:
I do not use PDM.
I prefer to edit the configuration, to only allow internal users to access the Web Server.
 
harbor235 commented:
By default, traffic from the inside (a higher ASA security level) is allowed to the DMZ (a lower ASA security level).
It is the return traffic to the inside network that you need to address. Make sure "fixup protocol ftp" is issued.
On the inside interface, apply an ACL to allow the return traffic back in:

access-list 100 permit tcp any host xx.xx.xx.xx eq ftp

harbor235
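
An added example, not part of harbor235's answer or the original thread: a small Python check over a PIX 6.x-style configuration that confirms the two points raised above (inside has a higher security level than the DMZ, and `fixup protocol ftp` is enabled) and flags FTP permits whose source is `any`, since the question asks for access by inside users only. The sample configuration, the interface name `dmz`, the address 192.0.2.10 and the function name `audit_ftp` are constructed assumptions.

```python
import re

# Constructed PIX 6.x-style sample; 192.0.2.10 stands in for the web server.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
fixup protocol ftp 21
access-list 100 permit tcp any host 192.0.2.10 eq ftp
access-list 100 permit tcp 10.1.1.0 255.255.255.0 host 192.0.2.10 eq www
access-group 100 in interface inside
"""

ADDR = r"(any|host \S+|\S+ \S+)"  # any | host A.B.C.D | network mask
NAMEIF_RE = re.compile(r"^nameif \S+ (\S+) security(\d+)$")
ACL_RE = re.compile(rf"^access-list (\S+) (permit|deny) tcp {ADDR} {ADDR} eq (\S+)$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")


def audit_ftp(config: str) -> dict:
    """Check the FTP-related settings discussed in the thread."""
    levels, bound, ftp_permits = {}, {}, []
    fixup = False
    for line in (raw.strip() for raw in config.splitlines()):
        if m := NAMEIF_RE.match(line):
            levels[m.group(1)] = int(m.group(2))
        elif line.startswith("fixup protocol ftp"):
            fixup = True  # a "no fixup protocol ftp" line does not match
        elif m := GROUP_RE.match(line):
            bound[m.group(1)] = m.group(2)
        elif (m := ACL_RE.match(line)) and m.group(2) == "permit":
            if m.group(5) in ("ftp", "21"):
                ftp_permits.append((m.group(1), m.group(3), line))
    return {
        # Higher security level to lower is allowed by default.
        "inside_to_dmz_default": levels.get("inside", -1) > levels.get("dmz", 101),
        "ftp_fixup": fixup,
        # FTP permits open to every source, wider than "inside users only".
        "any_source_ftp": [line for _, src, line in ftp_permits if src == "any"],
        # ACLs that permit FTP but are not applied to any interface.
        "unbound_ftp_acls": sorted({a for a, _, _ in ftp_permits if a not in bound}),
    }


if __name__ == "__main__":
    for key, value in audit_ftp(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```
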
 
cookd47 (Author) commented:
I will be back on site tomorrow to test.
Question has a verified solution.
