PIX and FTP Access

merchantnetwork · Jan 7, 2005

Hello!

I "need" to configure our PIX firewall to allow FTP from an AS400 to a customer. Is this a good (read: secure) thing to do and if so, is this the correct way to do it:

static (inside,outside) 208.xxx.xx.x 10.1.xx.xx puts AS400 on the outside for registered ftp outbound only??

Do I need a conduit permit statement as well?? If so what would it look like?

Thank you!!

bell1996 · Jan 7, 2005

you will need an ACL to allow FTP to pass thru the PIX.

access-list 100 permit tcp any host 208.x.x.x eq 21

No need for a conduit statement. Just add the statement above.

RyanLindfield · Jan 7, 2005

* agreed...

Conduits= bad

Anytime you want to provide a service to the outside you require a static & ACL.

Where is the AS400 in regards to the PIX (inside/outside/dmz)?

Also look to see that fixup for FTP is enabled, or FTP will break

.

Best regards,
Ryan Lindfield

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

PIX and FTP Access

merchantnetwork

MIS

bell1996

Technical User

RyanLindfield

Instructor

Similar threads

Part and Inventory Search

Sponsor