ACL scope and FTP

We have adjusted our ACL: we pulled the permit tcp any any gt 1023 entry and replaced it with the any any established entry, but now FTP is broken. The ACL is applied on the Ethernet interface on the local network. How can I add FTP securely?

permit tcp any any established

???

Perhaps this link should help.

http://www.Cisco.com/en/us/Tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml

What we do is to define a range of ports for passive ftp mode. For example, 6000 to 6100.

To remedy this, you use

access-list 100 permit tcp any host 192.168.1.100 gt 1023

You must use

access-list 100 permit tcp any host 192.168.1.100 range 6000 6100

But, in my view, from the server's point of view, active FTP is more secure than passive.

Hope this helps
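
Why replacing `gt 1023` with `established` breaks passive FTP, and what the port-range entry restores, shown as an added example that is not part of the original thread. It is a simplified first-match model in Python; it assumes the ACL filters client-to-server traffic and that a `permit tcp any host 192.168.1.100 eq 21` entry for the control channel exists (neither is stated in the thread).

```python
# Added example: minimal first-match model of an IOS extended ACL for TCP.
# Only the features used in this thread are modelled (assumption: the ACL
# filters traffic arriving from FTP clients toward server 192.168.1.100).
SERVER = "192.168.1.100"

def rule(dst=None, lo=0, hi=65535, established=False):
    return {"dst": dst, "lo": lo, "hi": hi, "established": established}

def acl_permits(acl, dst, dport, flags):
    """Return True if any entry matches; otherwise the implicit deny applies."""
    for r in acl:
        if r["dst"] not in (None, dst):
            continue
        if not r["lo"] <= dport <= r["hi"]:
            continue
        # 'established' matches only segments with ACK or RST set,
        # so it never matches the bare SYN that opens a connection.
        if r["established"] and not ({"ACK", "RST"} & flags):
            continue
        return True
    return False

CONTROL = rule(SERVER, 21, 21)          # permit tcp any host 192.168.1.100 eq 21 (assumed entry)
ESTABLISHED = rule(established=True)    # permit tcp any any established
PASV_RANGE = rule(SERVER, 6000, 6100)   # permit tcp any host 192.168.1.100 range 6000 6100

BROKEN = [CONTROL, ESTABLISHED]
FIXED = [CONTROL, ESTABLISHED, PASV_RANGE]

# Constructed sample segments, all travelling client -> server.
FLOWS = {
    "control SYN to :21": (SERVER, 21, {"SYN"}),
    "passive data SYN to :6050": (SERVER, 6050, {"SYN"}),
    "passive data SYN to :40000": (SERVER, 40000, {"SYN"}),
    "active data SYN-ACK to :20": (SERVER, 20, {"SYN", "ACK"}),
}

def evaluate(acl):
    return {name: acl_permits(acl, *pkt) for name, pkt in FLOWS.items()}

if __name__ == "__main__":
    for label, acl in (("established only", BROKEN), ("with passive range", FIXED)):
        print(label)
        for name, ok in evaluate(acl).items():
            print(f"  {'permit' if ok else 'deny  '}  {name}")
```

The range entry only helps if the FTP server is configured to hand out passive ports 6000 to 6100; the port 40000 case shows what happens otherwise. The active-mode reply passes on `established` alone, which is why active mode needs no inbound high ports opened toward the server.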

Tags: Cisco Security

Similar Questions

  • Satellite L30-115 - deleted TCP and FTP packets

    Hi all

    I have a Toshiba Satellite L30-115 and a DSL connection. I have a problem with my laptop running Win XP SP2 with AVG anti-virus.

    TCP and FTP packets are systematically deleted by Firewall setting or my system. I tried these tools that rewrite the registry entries for the TCP/IP protocol in Windows XP, but nothing seems to fix. Everything that affects the TCP fails systematically:
    my browser tells me that the connection was reset during any process, and AVG reports that automatic updates failed. But I can always ping www.yahoo.fr and, strangest of all, Skype connects properly (likely because it uses another protocol and also because it is in the exception list of my firewall).
    Note that I only have the native Win XP firewall and no others (the AVG license I have only covers web, mail and virus protection).

    Another thing is that the problem persists even when I turn off the firewall or if I play around with the settings.

    Help, please.

    Didier

    Hello

    Check this short work around:
    Start CMD (the command console)
    Then type this command: ipconfig /renew

  • probably caused by the settings of the firewall on your computer. Check the settings for HTTP port (80), HTTPS port (443) and FTP.

    Change the title: internet connection.

    Unable to connect to the internet, suddenly, message that I can't connect to the internet using HTTP, HTTPS, or FTP. This is probably caused by firewall settings on your computer. Check settings for HTTP port (80), HTTPS port (443) and FTP. Funny, I was just on the net not more than 10 minutes prior to this. Checked all connections - good. What's my next

    Try a system restore to a Date before the problem began:

    Restore point:

    http://www.howtogeek.com/HOWTO/Windows-Vista/using-Windows-Vista-system-restore/

    Do Safe Mode system restore, if it is impossible to do in Normal Mode.

    Try tapping F8 at startup and, in the list of Boot selections, select Safe Mode, using the UP ARROW to go there, and then press ENTER.

    Try a restore of the system once, to choose a Restore Point prior to your problem...

    Click Start > programs > Accessories > system tools > system restore > choose another time > next > etc.

    http://www.windowsvistauserguide.com/system_restore.htm

    Read the above for a very good graphic that shows how to go back more than 5 days in the System Restore Points by checking the correct box.

    See you soon.

    Mick Murphy - Microsoft partner

  • ACL router and Switch

    Hello.

    I have a small question.

    I implemented a simple extended ACL.

    permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255

    deny ip any any

    It is enabled on the SVI interface IN direction with ip 10.10.10.1/24.

    When I test with a ping from the router to a blocked network, using the (SVI) interface as source, the ACL does not work.

    Example: ping 172.16.1.5 source 10.10.10.1 = success.

    Should this not be blocked, with only traffic to 192.168.1.0/24 allowed?

    So my question: does the ACL have no effect on the interface of the router itself, and only on other hosts in the subnet / VLAN? (I think I remember having read about it, but can't find it)

    Thank you.

    Hi there, traffic must traverse the interface for the ACL to be considered. Here is a link to another thread on the forum that explains this very well:

    https://supportforums.Cisco.com/discussion/12043016/pls-explain-SVI-ACL-source-and-destination-direction

    I hope this helps!

    Thank you for evaluating useful messages!

  • Removal of Telnet and FTP (keep the SSH/SCP)

    I don't want the sensors to run Telnet and FTP, services because I want to force anyone to connect to them to use SSH/SCP.

    I edited /etc/inetd.conf and commented out the lines that start these services. However, this may not be the 'best method', because after I tried that, all of a sudden the sensor stopped listening on port 22 and I couldn't connect with SSH (of course). When I uncomment the telnet and ftp lines in inetd.conf, SSH/SCP/port 22 is open again. Weird. What should I do to remove these services?

    BTW: on an unrelated note, the /dev/iprb0 (command and control) interface is the card that is assigned an IP address and is used for connecting to the sensor. /dev/spwr0 is the interface which doesn't listen for traffic in promiscuous mode and does not have an IP address assigned, right?

    Thank you

    Erik

    Run sysconfig-sensor, there should be an option in the secure communications box to disable telnet and ftp. Sysconfig-sensor will then take care to make the changes for you.

    For 4220 and 4230 sensor devices, your statements are correct for the interfaces.

    NOTE: 4210, 4235 and 4250 sensors have different interface names.

    Marco

  • problem installing windows 7 finishing installation scope and freeze for hours please help

    problem installing windows 7 finishing installation scope and freeze for hours please help

    my pc req:
    2 GB of ram
    NVIDIA geforce 210 1 GB
    180 GB
    Pentium 4 3.40
    Help, please

    Turn off the computer.

    try to start safe mode, start your PC, just before the system loads the Windows operating system. Press the [F8] key function 8 on your keyboard which will launch the menu Advanced Boot Options. Select Safe Mode.

    Log in, click Start, type Device Manager, press ENTER.

    Expand graphics cards

    Right-click your video card, click on uninstall.

    Restart your system

    Log in, click Start, type Device Manager, press ENTER.

    Expand graphics cards
    Right-click your video card

    Click Update Driver Software; then click Search automatically for updated driver software.

  • View scopes and composite video at the same time?

    Is it not possible to view video scopes and composite video in the source or program monitors simultaneously? It seems that only the option to view scopes or composite video, but not both (as in FCPX) exist.

    I know that I can use the monitor for a film in the timeline panel, but it is not updated live, which is annoying.


    Am I missing something?

    (This seems a silly omission... unless I use my 'man-eyes')

    You can open the reference monitor, which has a scope.

    Only scopes in the program monitor update live.

  • How can I get my list of sites and FTP access, password etc... (old win 7 on an external drive)

    Hello, this is not considered a regular registered sites export (I have many)... and it's a mistake.

    In short, after computer out, I got the hard drive I have USB (old win 7 pro on an external drive)

    How can I get my list of sites and FTP access, password etc...

    they are encrypted in the registry if I'm not mistaken?

    any idea?

    Thank you.

    (Google translation)

    proceedings found:

    Just do an export of the new common/site .reg file, modify it with the values from the old one, and then import it; everything works

    Thank you

  • File and FTP diff b/w adapter?

    What is the difference between file and FTP adapter?

    (1) the file adapter is used, when the process is to read/write/list files on your local system (where your FMW server is installed and running).

    (2) However, the FTP adapter is used, when the process is reading/writing/list of the files in a system essentially other than the local system (where your FMW server is installed and running) which is set up as an FTP server to access files. The system can be with your network or outside of your network.

    --
    Mark the post as "useful" or "right answer", if your problem is resolved.

  • CS5 I get "and FTP error produced - can not connect to the host."

    CS5 I get "and FTP error produced - can not connect to the host." Your login or password is incorrect. Please check your login information. I work with three sites. One of them connects fine, but two of them get this message - and I am well aware that the user name and password are correct on each of them. Can anyone help?

    Call your host.

    Nancy O.

  • scope and read the significant digits vi

    Hi all

    Let me start by giving you some background.

    I'm measuring an RMS voltage (approximately 1.8V) using the NI-Scope Read VI, which works very well. My problem is that I also try to calculate the RMS current within the same VI, using a known resistance. With the voltage, I get only two significant digits using the NI-Scope Read VI, which gives me too much of a rounding error when it comes to the current.

    So my question is this: is there another stock VI that I could use to increase the number of significant digits, or is it possible to increase the number of significant digits with this VI? Other ideas are welcome, and thank you for your help.

    I don't know what this 'NI-Scope read measure VI' is, but how many significant digits did you set on your indicator (right click, properties)? If this does not help, please contact your VI.

    Cameron

  • Issues DHCP and FTP

    I have a RIS server running Server 2012 R2 with DHCP and FileZilla for FTP, and a desktop running Windows 7. The server can ping the desktop computer, but the desktop cannot ping the server, although the desktop can obtain an address from the DHCP server. How can I get it to connect to the FTP service?

    Hello Zack,

    Thanks for posting your question on the forum of the Microsoft community.

    The question will be better suited to the audience of professionals on the TechNet forums.

    I would recommend posting your query in the TechNet forums.
     
    TechNet Forum
    http://social.technet.Microsoft.com/forums/en-us/home?category=WindowsServer

    Thank you

  • command to clear the ACL hit count and interface stats

    Hello

    Does anyone know a command to erase the HIT count on an ACL and a command to clear the counters on an interface for the PIX? I can't find it anywhere. Any help would be appreciated. Thank you.

    The f

    Hello

    Try the command:

    > clear access-list counters

    This clears the counters displayed by the show access-list command.

    To clear counters on an interface, enter configuration mode and issue this command: clear int ethernet0

    (You must be in config mode for this command to work.)

    For speed/duplex, again enter config mode and type this command: interface ethernet0 100full

    In addition, the following URL might be of interest...

    http://www.Cisco.com/en/us/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#1112250

    Hope this helps - thanks, Jay

  • PIX and FTp problems

    We have a PIX running 4.4 (5). When internal and to access the FTP server from the outside, random connections time out. We have tried passive mode with no improvement.

    Any other ideas?

    Thank you

    Brian

    Not sure if this applies to you: bug CSCds48493

    First thought is to upgrade the operating system to at least 5.x or 6.x.

    It will be useful.

    Steve

  • Can possible save of Cisco DCNM on NFS and FTP on the stand-alone dcnm Server

    Can anyone suggest me that how I can back up the database DCNM 7.2 for a stand-alone server on NFS /FTP?

    What is the procedure to perform the backup on server NFS /FTP?

    Is any dependency to take backup on remote servers from stand-alone server DCNM (not HA)?

    Hello

    VIEW includes a database backup utility in the $INSTALLDIR/dcm/directory/bin/view.  There are 2 versions of the script, one for Oracle and one for postgres databases, and they both can be run from the server command line.  These scripts will create a dump (.dmp) database file which you can ftp offshore to another server to files, if you wish.

    For reference, here is the documentation on backups of db VIEW:

    http://www.Cisco.com/c/en/us/TD/docs/switches/Datacenter/SW/7_2_x/Fundam...

    Thank you

    Eric
