VPN PIX 506

Ronel17

Technical User
Dec 31, 2004
60
US
Hi All,
Need some big help.
I'm new at this (Networking).
I want to implement an FTP site. I have a PIX 506, it's working fine. The FTP is working fine from the inside. How do I give access to outside people?
How do I open the port on the firewall?
I have the IP.

Please give details, step by step.

Thanks
 
Step 1 is to set up a static mapping

static (inside,outside) <Public IP> <Private IP> netmask 255.255.255.255
Step 2 is to open up port 21 for ftp

conduit permit tcp host <public IP> eq 21 any
conduit permit tcp host <public IP> eq 20 any (this is ftp data, which may not be needed. Try without it first, and if you have problems, then add it.)
 

Using conduit is not as good as using an access-list.
You can use this step instead of step 2 mentioned by rudeboy.

step 2 ( option 2 )
access-list 100 permit tcp any host <Public IP> netmask 255.255.255.255 eq 21

step 3
ensure that there is a Fixup line for the FTP ..


Mohamed Farid
Know Me No Pain, No Me Know Pain!!!
CCNP,CCSP,CCA,MCSE,MCSA
 
Remember to assign the access list to the outside interface with this command:

"access-group 100 in interface outside"



Network Systems Engineer
CCNA/CQS/CCSP/Infosec
 
Hi Guys,
The access-list command didn't work, the conduit permit works.
But it still doesn't work.
Let me ask some more questions.
For the public IP I put the address that is linked to my ftp.XXX.com. For the private I put my internal IP address.
I asked my provider to link the public IP to ftp.XXX.com.
Should I be able to ping it? I can't, but when I tried I have the IP.
Need more help

Thanks
 
access-list 100 permit tcp any host <Public IP> netmask 255.255.255.255 eq 21

that is incorrect syntax, when using the host keyword you don't use netmask so it should be :

access-list 100 permit tcp any host <Public IP> eq 21
or
access-list 100 permit tcp any <Public IP> netmask 255.255.255.255 eq 21

Jan


Network Systems Engineer
CCNA/CQS/CCSP/Infosec
 
Hi All,
Works fine, thank you for the help.
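
The steps from this thread (static mapping, access-list entry with the corrected host syntax, access-group on the outside interface, FTP fixup) written as a Python check over a saved configuration. This is an added example, not code from any poster; the function name check_pix_ftp, the addresses and both sample configs are constructed, and "fixup protocol ftp 21" is assumed to be the fixup line step 3 refers to.

```python
import re

def check_pix_ftp(config, public_ip):
    """Check a PIX config for the inbound-FTP steps discussed in the thread."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    ip = re.escape(public_ip)
    findings = []
    # Step 1: one-to-one static mapping for the FTP server.
    static = rf"static \(inside,outside\) {ip} \S+ netmask 255\.255\.255\.255$"
    if not any(re.match(static, ln) for ln in lines):
        findings.append("missing static (inside,outside) mapping")
    # Step 2: ACL entry for tcp/21 (only the 'host' form is checked here);
    # 'host' together with 'netmask' is the syntax rejected in the thread.
    good_acls = set()
    for ln in lines:
        if re.match(rf"access-list \S+ permit tcp any host {ip} netmask\b", ln):
            findings.append("'host' used together with 'netmask': " + ln)
        m = re.match(rf"access-list (\S+) permit tcp any host {ip} eq (21|ftp)$", ln)
        if m:
            good_acls.add(m.group(1))
    if not good_acls:
        findings.append("no valid access-list entry permitting tcp/21")
    # The ACL has no effect until it is bound to the outside interface.
    bound = {m.group(1) for ln in lines
             if (m := re.match(r"access-group (\S+) in interface outside$", ln))}
    if good_acls and not good_acls & bound:
        findings.append("access-list not applied with access-group on outside")
    # Step 3: the FTP fixup line must be present.
    if not any(re.match(r"fixup protocol ftp\b", ln) for ln in lines):
        findings.append("missing 'fixup protocol ftp' line")
    return findings

# Constructed sample configs; 192.0.2.10 and 10.0.0.5 are example addresses.
BROKEN = """
static (inside,outside) 192.0.2.10 10.0.0.5 netmask 255.255.255.255
access-list 100 permit tcp any host 192.0.2.10 netmask 255.255.255.255 eq 21
"""
FIXED = """
static (inside,outside) 192.0.2.10 10.0.0.5 netmask 255.255.255.255
access-list 100 permit tcp any host 192.0.2.10 eq 21
access-group 100 in interface outside
fixup protocol ftp 21
"""

if __name__ == "__main__":
    for name, cfg in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, check_pix_ftp(cfg, "192.0.2.10"))
```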


 