2611 Access List problem - outbound FTP

Discussion in 'Cisco' started by Joe Bloe, Jul 23, 2003.

  1. Joe Bloe

    Joe Bloe Guest

    Hi All, we've got a basic set of extended access lists in our 2611:

    ip access-list extended inbound
    permit tcp any host a.b.c.11 eq 3389
    permit tcp any host a.b.c.11 eq ftp
    permit tcp any host a.b.c.12 eq 3389
    permit tcp any host a.b.c.12 eq www
    permit tcp any host a.b.c.12 eq ftp
    permit tcp any host a.b.c.13 eq ftp
    permit tcp any host a.b.c.13 eq telnet
    permit tcp any host a.b.c.13 eq 7665
    permit icmp any host a.b.c.11 echo
    permit icmp any host a.b.c.12 echo
    permit icmp any host a.b.c.13 echo
    evaluate iptraffic

    ip access-list extended outbound
    permit ip any any reflect iptraffic

    The problem is: we can't establish FTP connections to outside FTP sites.
    Is there something happening on another IP port when establishing an FTP
    connection?

    Thanks
    Joe
     
    Joe Bloe, Jul 23, 2003
    #1

  2. I have basically the same setup in my 2611. You have to use passive FTP to
    outside sites, or open up everything over 1023 (if I remember correctly) on
    the inbound traffic.


    Gordon Montgomery
    Living Scriptures, Inc
    (anti spam - replace lsi with livingscriptures)
    (801) 627-2000
     
    Gordon Montgomery, Jul 23, 2003
    #2
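Added example (not part of the thread): a toy Python model of the reflexive ACL from post #1, showing why the active-mode FTP data connection is dropped while passive mode gets through. The addresses and ports are constructed (documentation ranges), and the class and function names are hypothetical.

```python
# Toy model of 'reflect iptraffic' (outbound) and 'evaluate iptraffic' (inbound).
# Not router code: timeouts and TCP flags are ignored. All values are constructed.
from typing import NamedTuple

class Pkt(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class ReflexiveAcl:
    def __init__(self, static_inbound):
        self.static_inbound = set(static_inbound)  # (proto, dst host, dst port)
        self.reflected = set()                     # mirrored session entries

    def outbound(self, p):
        # 'permit ip any any reflect iptraffic': permit and record the mirror image.
        self.reflected.add(Pkt(p.proto, p.dst, p.dport, p.src, p.sport))
        return True

    def inbound(self, p):
        # Static permits first, then 'evaluate iptraffic', then implicit deny.
        if (p.proto, p.dst, p.dport) in self.static_inbound:
            return True
        return p in self.reflected

CLIENT, SERVER = "192.0.2.50", "198.51.100.7"  # constructed inside / outside hosts

def ftp_session(mode):
    """Return (control_reply_permitted, data_connection_permitted)."""
    acl = ReflexiveAcl({("tcp", "192.0.2.11", 21), ("tcp", "192.0.2.11", 3389)})
    # Control channel: the client opens it to port 21, so replies are reflected.
    acl.outbound(Pkt("tcp", CLIENT, 40000, SERVER, 21))
    control_ok = acl.inbound(Pkt("tcp", SERVER, 21, CLIENT, 40000))
    if mode == "active":
        # Active mode: the server opens a NEW connection from port 20 to the
        # client. Nothing outbound created a matching entry, so it is denied.
        data_ok = acl.inbound(Pkt("tcp", SERVER, 20, CLIENT, 40001))
    else:
        # Passive mode: the client opens the data connection itself.
        acl.outbound(Pkt("tcp", CLIENT, 40002, SERVER, 50000))
        data_ok = acl.inbound(Pkt("tcp", SERVER, 50000, CLIENT, 40002))
    return control_ok, data_ok

if __name__ == "__main__":
    for mode in ("active", "passive"):
        print(mode, ftp_session(mode))
```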

  3.  
    jankemi(remove), Jul 24, 2003
    #3
