Add an Access-List item to a Cisco Pic Firewall

RPIIT
RPIIT used Ask the Experts™
on
I'm trying to add an access-list item to my cicso pix firewall so I can accept ftp traffic to a server.
Here's what I'm doing
ssh <pix ip>
enter username
enter password
enable
enter password
conf t
access-list outside_acl permit tcp any host 70.69.184.115 255.255.255.255 0 0 ftp

I then get error "ERROR: extra command argument(s)"

I've also tried access-list outside_acl permit tcp any host 70.69.184.115 255.255.255.255 ftp

but get the same error.

Can anyone tell me what I'm doing wrong or what it is I need to do?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Commented:
hi there

You need to work it as :

access-list outside_acl permit tcp any host 70.69.184.115 eq ftp

You may also need to add the ftp-data port

access-list outside_acl permit tcp any host 70.69.184.115 eq ftp-data

And you will need to apply this to the outside interface (assuming its allowing ftp access to this host from outside) if its not already:

access-group outside_acl in interface outside

hth

Author

Commented:
Perfect, worked great.
Thank you.

What does the "eq" mean?
Artysystem administrator
Top Expert 2007

Commented:
'eq' means 'equal', look here http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a3.html#wp1067755
and read about 'operator' in the table below.
..
The operator compares the source IP address (sip) or destination IP address (dip) ports. Possible operands include lt for less than, gt for greater than, eq for equal, neq for not equal, and range for an inclusive range.
...

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial