PHS_IT

Trouble configuring FTP explicit SSL in passive mode

We have an application with a built-in secure FTP client. The upload process is unable to complete due to the ports being blocked on the firewall. The firewall is a Cisco PIX 515E. The software is PIX Version 6.3(3). According to the software vendor, ports 21 and 1026 thru 1040. I was just looking for a best practice in doing this.
stsonline

Create an access-list for the external host(s) and the internal host(s) needing secure FTP access. Provide the TCP ports as the action in the ACL:

access-list acl_in permit tcp host <external host> host <internal host> eq ftp
access-list acl_in extended permit tcp host <external host> host <internal host> range 1026 1040

Apply the ACL to the outside interface and you're good to go.
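
Added example, not part of the original answer: with explicit SSL the PASV reply is encrypted on the control channel, so the firewall cannot learn the data port from it and the static range has to cover every port the server hands out. This Python sketch reads a client-side FTP log and reports passive replies whose data port falls outside the 1026-1040 range from the thread; the log lines and function names are constructed for illustration.

```python
import re

# Port range taken from the thread: data ports 1026 thru 1040.
ALLOWED = range(1026, 1041)

# 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"\b227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# 229 Entering Extended Passive Mode (|||port|)
EPSV_RE = re.compile(r"\b229\b.*?\((.)\1\1(\d+)\1\)")

def passive_port(line):
    """Return the data port announced in a 227/229 reply, or None."""
    m = PASV_RE.search(line)
    if m:
        octets = [int(g) for g in m.groups()]
        if any(o > 255 for o in octets):
            return None  # malformed reply
        return octets[4] * 256 + octets[5]  # port = p1*256 + p2
    m = EPSV_RE.search(line)
    if m:
        port = int(m.group(2))
        return port if 0 < port < 65536 else None
    return None

def ports_outside_acl(log_lines, allowed=ALLOWED):
    """List (line_number, port) for passive replies the ACL range does not cover."""
    misses = []
    for n, line in enumerate(log_lines, 1):
        port = passive_port(line)
        if port is not None and port not in allowed:
            misses.append((n, port))
    return misses

# Constructed client-side log lines (not from the thread).
SAMPLE_LOG = [
    "AUTH TLS",
    "234 AUTH TLS successful",
    "PASV",
    "227 Entering Passive Mode (192,0,2,10,4,2)",   # 4*256+2  = 1026
    "227 Entering Passive Mode (192,0,2,10,4,16)",  # 4*256+16 = 1040
    "227 Entering Passive Mode (192,0,2,10,4,17)",  # 4*256+17 = 1041
    "229 Entering Extended Passive Mode (|||50321|)",
]

if __name__ == "__main__":
    for n, port in ports_outside_acl(SAMPLE_LOG):
        print(f"line {n}: data port {port} is outside 1026-1040")
```

Any port it reports means the server's passive port range and the firewall range disagree, which shows up as a transfer that authenticates and then stalls.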
PHS_IT

ASKER

Thanks!
When I try to add the second line I get:
ERROR: <extended> not a valid permission.
Any ideas on that?
ASKER CERTIFIED SOLUTION
stsonline