Solved

Enabling FTPS/PORT990 on Cisco ASA

Posted on 2012-03-14
1,641 Views
Last Modified: 2012-06-01
I'm having a problem enabling FTPS/Port 990 on my Cisco ASA 5520.
Question by:cisco_pro30
2 Comments

Author Comment

by:cisco_pro30
ID: 37720283
Here is what my policy map has in it.

!
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect pptp
!
Accepted Solution

by: alienXeno (earned 2000 total points)
ID: 37736622
In plain FTP, the firewall can inspect the control channel and hence it knows the port details of the data channel that is going to get established from the ftp server to the client.

This will enable the firewall to automatically open the data channel ports.

In FTPS, even the control channel traffic is encrypted, so the firewall can no longer inspect the details exchanged over the control port and hence the data channel connection attempt will fail.


Also, check http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml#q13

For this to work, create rules in your firewall as follows:

1) Allow Any to FTPS server on port 990.

2) Allow FTPS Server port 989 to any.

This should allow the data channel TCP session to get established.
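As an added example (not from the answer above or from Cisco's Q&A), the two rules the accepted solution describes, written as ASA access-list entries. It assumes ASA 8.3+ object/NAT syntax, a constructed FTPS server at 10.0.0.10 statically translated to 203.0.113.10, interfaces named inside and outside, and constructed ACL names OUTSIDE_IN and INSIDE_OUT.

```cisco
! Constructed example: FTPS server 10.0.0.10 behind the ASA, statically
! translated to 203.0.113.10 (ASA 8.3+ object/NAT syntax).
object network FTPS-SERVER
 host 10.0.0.10
 nat (inside,outside) static 203.0.113.10
!
! Rule 1: any -> FTPS server, TCP/990 (implicit FTPS control channel).
! On 8.3+ the ACL references the real (inside) address via the object.
access-list OUTSIDE_IN extended permit tcp any object FTPS-SERVER eq 990
access-group OUTSIDE_IN in interface outside
!
! Rule 2: FTPS server, source TCP/989 -> any. This is the data channel the
! server opens toward the client; "inspect ftp" cannot open it dynamically
! because the control channel is encrypted. Only needed if an ACL is
! already applied to the inside interface; otherwise traffic from the
! higher-security inside interface is permitted by default.
access-list INSIDE_OUT extended permit tcp object FTPS-SERVER eq 989 any
access-group INSIDE_OUT in interface inside
!
! Verification: list the entries with their hit counts, then simulate an
! inbound control connection from a constructed client address.
show access-list OUTSIDE_IN
packet-tracer input outside tcp 198.51.100.5 40000 203.0.113.10 990
```

Passive-mode FTPS data connections use a server-side port range rather than port 989, so a deployment that relies on passive mode needs a matching rule for that range as well.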