Solved

Cisco ACL Question

Posted on 2008-10-15
306 Views
Last Modified: 2012-05-05
Hi all,
We are setting up a process by which files are uploaded and downloaded to a third party company from their FTP server using FTPs.
I have to create the necessary ACL on our 2801 router to allow this but it's not working how I thought it would. As a start I've added the following line:

access-list 102 permit ip host <ip of remote ftp server> any

The ACL is applied to the external interface of the router as follows:

ip access-group 102 in

I thought that this would open up the router to allow all traffic to and from the remote ftp server regardless of port number (they use port 2221) but using CuteFTP set up as they recommend will not connect and I can't telnet to it either. Their tech guys say that no packets are even trying to connect so it has to be that our router is still blocking them.

Any thoughts greatly appreciated.

Thanks.
Question by:trifastsystems
4 Comments
 
LVL 23

Accepted Solution

by:
that1guy15 earned 500 total points
ID: 22724070
If you are adding the permit statement to an ACL that is already on the router then it will be added to the bottom of the list (or last statement applied) and any statement above it could be denying FTP already. Check to make sure no other statement is blocking FTP. If so, either remove it or re-enter the access list with the allow above it.
0
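The ordering point in this answer, as an added example that is not part of the thread: a small Python model of Cisco IOS first-match ACL evaluation with the implicit deny at the end. The ACL lines, the remote server address 203.0.113.10 and the internal client 198.51.100.5 are constructed for the demo; only the `host` and `any` address forms are parsed.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "proto src dst dport")  # e.g. Packet("tcp", src, dst, dport)

def _take_addr(tok):
    """Consume one address term; only 'any' and 'host A.B.C.D' are modelled here."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    raise ValueError("wildcard masks are not handled in this example: " + " ".join(tok))

def parse_ace(line):
    """'access-list N <permit|deny> <proto> <src> <dst> [eq PORT]' -> (action, proto, src, dst, dport)."""
    tok = line.split()
    action, proto, rest = tok[2], tok[3], tok[4:]
    src, rest = _take_addr(rest)
    dst, rest = _take_addr(rest)
    dport = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, dport

def evaluate(acl_lines, pkt):
    """IOS semantics: the first matching entry wins; no match falls to the implicit deny."""
    for n, line in enumerate(acl_lines, 1):
        action, proto, src, dst, dport = parse_ace(line)
        if proto != "ip" and proto != pkt.proto:      # 'ip' covers every protocol
            continue
        if ipaddress.ip_address(pkt.src) not in src or ipaddress.ip_address(pkt.dst) not in dst:
            continue
        if dport is not None and dport != pkt.dport:
            continue
        return action, n                              # entry number that decided the packet
    return "deny", None                               # implicit deny at the end of every ACL

# Constructed scenario: an ACL that already ends in a broad deny, plus the new permit.
EXISTING = ["access-list 102 permit tcp any any eq 80",
            "access-list 102 deny tcp any any"]
NEW_PERMIT = "access-list 102 permit ip host 203.0.113.10 any"
# Reply from the remote FTPS server (listening on 2221) to the internal client's ephemeral port.
REPLY = Packet("tcp", "203.0.113.10", "198.51.100.5", 51234)

def appended():   # permit typed in last: the existing deny on line 2 matches first
    return evaluate(EXISTING + [NEW_PERMIT], REPLY)

def prepended():  # same permit moved to the top: it is evaluated before the deny
    return evaluate([NEW_PERMIT] + EXISTING, REPLY)
```

`appended()` returns `("deny", 2)` while `prepended()` returns `("permit", 1)`, which is exactly why re-entering the list with the permit above the deny fixed the connection.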
 

Author Comment

by:trifastsystems
ID: 22724100
Whenever I edit an ACL I always copy the whole thing to a text file, add what I want at the point I want it and then remove the whole ACL from the router before pasting in the new one.

I've tried adding the line at the top of the list but no joy.
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22724168
This is an outbound connection from you through your 2801 to them, right?  Can you post the router config?
0
 

Author Comment

by:trifastsystems
ID: 22724197
I've just got it working.

Thought I'd try putting it at the top of the list again just to be sure and bosh... it connected. I must have been doing something else wrong when I tried the first time.

Point to you that1guy15.
0
