Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 449
  • Last Modified:

Add an Access-List item to a Cisco Pic Firewall

I'm trying to add an access-list item to my cicso pix firewall so I can accept ftp traffic to a server.
Here's what I'm doing
ssh <pix ip>
enter username
enter password
enable
enter password
conf t
access-list outside_acl permit tcp any host 70.69.184.115 255.255.255.255 0 0 ftp

I then get error "ERROR: extra command argument(s)"

I've also tried access-list outside_acl permit tcp any host 70.69.184.115 255.255.255.255 ftp

but get the same error.

Can anyone tell me what I'm doing wrong or what it is I need to do?
0
RPIIT
Asked:
RPIIT
1 Solution
 
nodiscoCommented:
hi there

You need to work it as :

access-list outside_acl permit tcp any host 70.69.184.115 eq ftp

You may also need to add the ftp-data port

access-list outside_acl permit tcp any host 70.69.184.115 eq ftp-data

And you will need to apply this to the outside interface (assuming its allowing ftp access to this host from outside) if its not already:

access-group outside_acl in interface outside

hth

0
 
RPIITAuthor Commented:
Perfect, worked great.
Thank you.

What does the "eq" mean?
0
 
NopiusCommented:
'eq' means 'equal', look here http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a3.html#wp1067755
and read about 'operator' in the table below.
..
The operator compares the source IP address (sip) or destination IP address (dip) ports. Possible operands include lt for less than, gt for greater than, eq for equal, neq for not equal, and range for an inclusive range.
...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Tackle projects and never again get stuck behind a technical roadblock.
Join Now