Pix 515 FTP statement

Status
Not open for further replies.
Feb 26, 2009
I inherited a network a few months ago and there wasn’t a transfer of knowledge. I had a Cisco guy come in to reset the password on the PIX 515 and other switches. I am going to go to class for the equipment, but that’s not today, and I desperately need to add a statement to open an FTP port to transfer some data to the state. Please HELP!!!
 
pix>en
pix#conf t
pix(config)#access-list FTP permit tcp x.x.x.x y.y.y.y x.x.x.x y.y.y.y eq 21

x.x.x.x=ip address
y.y.y.y=mask

If I had a host in my DMZ that is an ftp server (192.168.1.12), and I wanted to allow anyone access to it via ftp ONLY, I would do this...

access-list FTP permit tcp any host 192.168.1.12 eq ftp
access-list FTP deny ip any host 192.168.1.12
OR
access-list FTP permit tcp any 192.168.1.12 255.255.255.255 eq ftp
access-list FTP deny ip any host 192.168.1.12

Then apply it to the outside interface, inbound...

pix(config)#access-group FTP in interface outside

On Cisco routers, the mask in an access list is the inverse (wildcard) mask (like 255.255.255.0 would be 0.0.0.255), but in a PIX, it is regular. I think. I can't check now because I'm at home, but I could Google. Just FYI.

Email me at timandlizh at gmail dot com

I have TONS of Cisco training material, including CCNA, CCNP, CCSP, CCIE. Have fun. Actually, how can you NOT have fun working on Cisco equipment? OK, guys, don't inundate this thread with answers to that...lol

Burt
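
An added example, not part of the original thread: a small Python model of how the ACL lines in the answer above are evaluated top to bottom, showing that the `host` form and the 255.255.255.255 form behave the same and what happens when an IOS-style wildcard mask is read as a regular netmask. The function names, the outside client 203.0.113.5 and the two subnet lines are constructed for illustration; only ACL matching is modelled (address translation and the FTP data channel are out of scope), and how a real PIX reacts to a wildcard-style mask is not modelled.

```python
import ipaddress

# Constructed copies of the two ACL forms from the answer above.
ACL_HOST_FORM = """access-list FTP permit tcp any host 192.168.1.12 eq ftp
access-list FTP deny ip any host 192.168.1.12"""
ACL_MASK_FORM = """access-list FTP permit tcp any 192.168.1.12 255.255.255.255 eq ftp
access-list FTP deny ip any host 192.168.1.12"""
# Constructed lines: one subnet rule with a regular mask, one with an IOS-style wildcard.
ACL_NETMASK = "access-list FTP permit tcp any 192.168.1.0 255.255.255.0 eq ftp"
ACL_WILDCARD = "access-list FTP permit tcp any 192.168.1.0 0.0.0.255 eq ftp"
PORTS = {"ftp": 21}  # the only named port used on this page

def to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def take_addr(tok):
    """Consume 'any', 'host A' or 'A MASK' and return (address, mask) as integers."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0
    if first == "host":
        return to_int(tok.pop(0)), 0xFFFFFFFF
    return to_int(first), to_int(tok.pop(0))  # MASK is read as a regular netmask

def parse(line):
    tok = line.split()[2:]  # drop "access-list <name>"
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = take_addr(tok), take_addr(tok)
    port = None
    if tok[:1] == ["eq"]:
        port = PORTS.get(tok[1]) or int(tok[1])
    return action, proto, src, dst, port

def hit(spec, ip):
    addr, mask = spec
    return (to_int(ip) & mask) == (addr & mask)

def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching line, top to bottom."""
    for line in acl.splitlines():
        action, p, s, d, port = parse(line)
        if p in ("ip", proto) and hit(s, src) and hit(d, dst) and port in (None, dport):
            return action
    return "deny"  # implicit deny that ends every access list

if __name__ == "__main__":
    for acl in (ACL_HOST_FORM, ACL_MASK_FORM, ACL_NETMASK, ACL_WILDCARD):
        for proto, port in (("tcp", 21), ("tcp", 22), ("udp", 53)):
            print(acl.splitlines()[0][12:], "|", proto, port, "->",
                  evaluate(acl, proto, "203.0.113.5", "192.168.1.12", port))
```

Under netmask semantics the wildcard-style line compares only the last octet, so it no longer selects 192.168.1.0/24 and the FTP connection to 192.168.1.12 falls through to the implicit deny.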
 