Add an Access-List item to a Cisco Pic Firewall

I'm trying to add an access-list item to my cicso pix firewall so I can accept ftp traffic to a server.
Here's what I'm doing
ssh <pix ip>
enter username
enter password
enable
enter password
conf t
access-list outside_acl permit tcp any host 70.69.184.115 255.255.255.255 0 0 ftp

I then get error "ERROR: extra command argument(s)"

I've also tried access-list outside_acl permit tcp any host 70.69.184.115 255.255.255.255 ftp

but get the same error.

Can anyone tell me what I'm doing wrong or what it is I need to do?
RPIITAsked:
Who is Participating?
 
nodiscoConnect With a Mentor Commented:
hi there

You need to work it as :

access-list outside_acl permit tcp any host 70.69.184.115 eq ftp

You may also need to add the ftp-data port

access-list outside_acl permit tcp any host 70.69.184.115 eq ftp-data

And you will need to apply this to the outside interface (assuming its allowing ftp access to this host from outside) if its not already:

access-group outside_acl in interface outside

hth

0
 
RPIITAuthor Commented:
Perfect, worked great.
Thank you.

What does the "eq" mean?
0
 
NopiusCommented:
'eq' means 'equal', look here http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a3.html#wp1067755
and read about 'operator' in the table below.
..
The operator compares the source IP address (sip) or destination IP address (dip) ports. Possible operands include lt for less than, gt for greater than, eq for equal, neq for not equal, and range for an inclusive range.
...
0
All Courses

From novice to tech pro — start learning today.