Re: Port 990 - ACL problems - PIX
- From: "jrguent@xxxxxxxxx" <jrguent@xxxxxxxxx>
- Date: Tue, 4 Aug 2009 09:45:40 -0700 (PDT)
On Aug 3, 10:45 am, p...@xxxxxxxxxxxxxx wrote:
Having some issues with a Cisco PIX IOS 7.
We've put an FTP server in our DMZ and normal FTP access seems to be
working, but when we want the client to connect over 990 it doesn't
seem to work; however, if I connect from another machine on the DMZ
it's all fine.
The relevant bits of the config are shown below:
ftp mode passive
access-list out-acl extended permit tcp any host xx.xx.xx.23 eq ftp
access-list out-acl extended permit tcp any host xx.xx.xx.23 eq ssh
access-list out-acl extended permit tcp any host xx.xx.xx.23 eq 990
access-list out-acl extended permit tcp any host xx.xx.xx.23 eq ftp-data
access-list out-acl extended permit udp any host xx.xx.xx.23 eq 990
static (DMZ,outside) xx.xx.xx.23 192.168.yy.4 netmask 255.255.255.255
access-group out-acl in interface outside
There isn't currently an access list defined for the DMZ interface;
should I add one and specifically permit 990 out?

Are the client connections which are failing to the DMZ server on port
990 originating from the Outside interface as well and therefore
being inspected by access-list out-acl?
- References:
- Port 990 - ACL problems - PIX
- From: paul