Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Outside Host, FTP access to internal server

Status
Not open for further replies.
kasser

kasser

Technical User
Jul 31, 2007
18
GB
Hi all,
I am a new network engineer and require some help please.
I need to give 3 hosts outside of our company access to a server for FTP on our DMZ.
I am slightly confused as to where to go with this.

There are 3 seperate hosts.
Should I be setting a static route first and then an access list and then implement it to an interface with an access-group?

Please can someone help me I have been going through the Cisco guides and am getting slightly confused.

All help is much appreciated.

Thanks
 
Sort by date Sort by votes
static (DMZ3,outside) 195.224.52.29 172.16.203.80 netmask 255.255.255.255 0 0
access-list FTPA20 permit tcp host 80.229.177.151 host 195.224.52.29 eq ftp
access-list FTPA20 permit tcp host 84.92.179.54 host 195.224.52.29 eq ftp
access-list FTPA20 permit tcp host 84.92.115.188 host 195.224.52.29 eq ftp
access-list FTPA20 permit tcp host 80.229.177.151 host 195.224.52.29 eq ftp-data
access-list FTPA20 permit tcp host 84.92.179.54 host 195.224.52.29 eq ftp-data
access-list FTPA20 permit tcp host 84.92.115.188 host 195.224.52.29 eq ftp-data


From my research these are the lines I need to add to the firewall. The first line to create a static route from the DMZ to the server.
and the other lines are for the FTP access of the 3 hosts outside our network.

Can anyone help please?
 
Upvote 0 Downvote
You should be good. Just need to apply an access-group for your access-list to the DMZ interface.

access-group FTPA20 in interface <dmz interface name>



Jim W MCSE CCNA
Network Manager
 
Upvote 0 Downvote
You actually want to apply that to the outside interface to allow the traffic to come inbound. It can only restrict what comes into the interface, not out of it like a router can.

access-group FTPA20 in interface outside

If you have other traffic inbound, you will want to add those lines to your ACL bound to the outside interface.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
Brent....thanks for setting me straight.

Jim

Jim W MCSE CCNA
Network Manager
 
Upvote 0 Downvote
Thankyou all for your help. It is much appreciated.
All working.
Thanks Jim and Brent.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
267
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
284
Johnkite
Johnkite
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
349
Shmid
Shmid
Russtoleum
  • Locked
  • Question
Windows client can't connect to sonicwall l2tp server
Replies
0
Views
84
Russtoleum
Russtoleum
gbayi_omo
  • Locked
  • Question
Cisco ASA 5505 not allowing access to highest security zone
Replies
0
Views
75
gbayi_omo
gbayi_omo

Part and Inventory Search

Sponsor

Back
Top