Now, the config:
*** Create the service for reference ***
object service FTP
 service tcp source eq ftp
*** Create the internal IP for the client ***
object network FTP_Inside
 host 10.1.1.8
*** Create the external IP for the client ***
object network FTP_Outside
 host 22.19.7.22
*** Permit the traffic in the external ACL ***
access-list acl_inbound extended permit tcp any host 10.1.1.8 eq ftp
*** Create the static NAT translation for that service only ***
nat (inside,outside) source static FTP_Inside FTP_Outside service FTP FTP
Very nice. Will this config handle both active and passive modes, or does that require any kind of "fixup" to be applied?
Good question. The customer had not said anything to me about it. But I'm thinking it's for active only. I think for passive to work, you would probably have to do an "inspect ftp" on the default policy, which I didn't do, I'm sure. But, I think it's on by default in the default policy.
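The reply above leaves open whether "inspect ftp" is actually enabled on the device. The following is an added example, not part of the original post or its comments: a Python check that reads a saved ASA configuration, finds NAT rules tied to an FTP service object, and reports whether an attached policy-map contains "inspect ftp". The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample config for illustration; object names follow the post.
SAMPLE_CONFIG = """\
object service FTP
 service tcp source eq ftp
object network FTP_Inside
 host 10.1.1.8
object network FTP_Outside
 host 22.19.7.22
nat (inside,outside) source static FTP_Inside FTP_Outside service FTP FTP
policy-map global_policy
 class inspection_default
  inspect dns
  inspect ftp
service-policy global_policy global
"""

def blocks(config):
    """Map each top-level line to the list of indented lines beneath it."""
    out, parent = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            parent = line.strip()
            out[parent] = []
        elif parent is not None:
            out[parent].append(line.strip())
    return out

def audit_ftp_nat(config):
    """Report FTP service NAT rules and whether an applied policy inspects FTP."""
    cfg = blocks(config)
    # Service objects whose TCP port is ftp (21), as source or destination.
    ftp_svcs = {p.split()[2] for p, subs in cfg.items()
                if re.match(r"object service \S+$", p)
                and any(re.match(r"service tcp (source|destination) eq (ftp|21)$", s) for s in subs)}
    # NAT rules that reference one of those service objects.
    nat_rules = [p for p in cfg if p.startswith("nat ")
                 and (m := re.search(r" service (\S+) \S+$", p)) and m.group(1) in ftp_svcs]
    # Policy-maps that are actually attached with service-policy.
    applied = {p.split()[1] for p in cfg if p.startswith("service-policy ")}
    inspected = any(p.startswith("policy-map ") and p.split()[1] in applied
                    and any(s.startswith("inspect ftp") for s in subs)
                    for p, subs in cfg.items())
    return {"nat_rules": nat_rules, "ftp_inspected": inspected,
            "needs_review": bool(nat_rules) and not inspected}
```

A result with needs_review set to True means an FTP NAT rule exists but no attached policy-map inspects FTP, which is the case the reply was unsure about.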