Solved

Cisco ACL Question

Posted on 2008-10-15
Last Modified: 2012-05-05
Hi all,
We are setting up a process by which files are uploaded and downloaded to a third party company from their FTP server using FTPs.
I have to create the necessary ACL on our 2801 router to allow this but it's not working how I thought it would. As a start I've added the following line;

access-list 102 permit ip host <ip of remote ftp server> any

The ACL is applied to the external interface of the router as follows;

ip access-group 102 in

I thought that this would open up the router to allow all traffic to and from the remote ftp server regardless of port number (they use port 2221) but using CuteFTP set up as they recommend will not connect and I can't telnet to it either. Their tech guys say that no packets are even trying to connect so it has to be that our router is still blocking them.

Any thoughts greatly appreciated.

Thanks.
Question by:trifastsystems

Accepted Solution

by:
that1guy15 earned 500 total points
ID: 22724070
If you are adding the permit statement to an ACL that is already on the router then it will be added to the bottom of the list (or last statement applied) and any statement above it could be denying FTP already. Check to make sure no other statement is blocking FTP. If so, either remove it or re-enter the access list with the allow above it.
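The first-match behaviour described in the accepted solution, as an added example (not code from the thread or from Cisco): a small Python model of how IOS walks an extended ACL top-down, run against two constructed versions of list 102. The sample entries and all addresses (203.0.113.10 as the remote FTP server, 192.0.2.20 as the inside host) are assumptions, and only the `permit|deny proto src dst` form without port operators is modelled.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # (base address, wildcard mask); wildcard 1-bits mean "don't care"

def _take_addr(tokens):
    """Pop one IOS address spec: 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (int(ipaddress.IPv4Address(tokens.pop(0))), 0)
    return (int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0))))

def parse_acl(text):
    """Parse 'access-list N permit|deny PROTO SRC DST' lines into tuples, in order."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()[2:]  # drop 'access-list' and the list number
        action, proto = tokens.pop(0), tokens.pop(0)
        src = _take_addr(tokens)
        dst = _take_addr(tokens)
        entries.append((action, proto, src, dst))
    return entries

def _hit(spec, addr):
    """True when addr equals the base on every bit the wildcard does not mask out."""
    base, wild = spec
    return ((int(ipaddress.IPv4Address(addr)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def first_match(entries, proto, src, dst):
    """Return (action, 1-based entry number); the implicit final deny is ('deny', None)."""
    for n, (action, eproto, esrc, edst) in enumerate(entries, 1):
        if eproto in ("ip", proto) and _hit(esrc, src) and _hit(edst, dst):
            return action, n
    return "deny", None

# Constructed sample lists (documentation-range addresses, not taken from the thread).
APPENDED = """
access-list 102 permit tcp any host 198.51.100.5
access-list 102 deny ip any any
access-list 102 permit ip host 203.0.113.10 any
"""
AT_TOP = """
access-list 102 permit ip host 203.0.113.10 any
access-list 102 permit tcp any host 198.51.100.5
access-list 102 deny ip any any
"""

if __name__ == "__main__":
    # Reply packet from the remote FTP server arriving inbound on the external interface.
    for name, text in (("appended", APPENDED), ("at top", AT_TOP)):
        print(name, first_match(parse_acl(text), "tcp", "203.0.113.10", "192.0.2.20"))
```

The entry number returned for the appended list points at the earlier deny that decides the packet, which is the line to look for in `show access-lists` output on the router.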
 

Author Comment

by:trifastsystems
ID: 22724100
Whenever I edit an ACL I always copy the whole thing to a text file, add what I want at the point I want it and then remove the whole ACL from the router before pasting in the new one.

I've tried adding the line at the top of the list but no joy.

Expert Comment

by:JFrederick29
ID: 22724168
This is an outbound connection from you through your 2801 to them, right?  Can you post the router config?
 

Author Comment

by:trifastsystems
ID: 22724197
I've just got it working.

Thought I'd try putting it at the top of the list again just to be sure and bosh.......it connected. I must have been doing something else wrong when I tried first time.

Point to you that1guy15.

Question has a verified solution.
