Reflexive ACL interaction with FTP

From: Thomwin Chen (thomwin_chen@yahoo.com)
Date: Tue Jul 19 2005 - 09:03:09 GMT-3

• Next message: wes@stevens.name: "Re: To Reboot or Not Reboot - That is the Question Here!"
• Previous message: ccie2004@excite.com: "RE: BGP synchronization"
• Next in thread: Gajewski Mariusz - TP POLPAK: "RE: Reflexive ACL interaction with FTP"
• Maybe reply: Gajewski Mariusz - TP POLPAK: "RE: Reflexive ACL interaction with FTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi All,
 
just want to confirm,
since active and passive FTP mode has slighty different operation ( http://slacksite.com/other/ftp.html ) , what would be the Reflexive ACL look like if i want to let active mode FTP to pass fa0/0 ?
 
=======================================
 
LET ACTIVE MODE ( and PASSIVE MODE inclusive ) to pass
 
int fa0/0
 ip access-group outgoing out
 ip access-group incoming in
!
ip access-list extended outgoing
 permit tcp any any reflect comeback
!
ip access-list extended incoming
 permit tcp any eq 20 any
 evaluate comeback
!
 
=======================================
=======================================
 
LET PASSIVE MODE ONLY
 
int fa0/0
 ip access-group outgoing out
 ip access-group incoming in
!
ip access-list extended outgoing permit tcp any any reflect comeback
!
ip access-list extended incoming
 evaluate comeback
!
 

====================================
 
is this ok ?
 
thanks.

• Next message: wes@stevens.name: "Re: To Reboot or Not Reboot - That is the Question Here!"
• Previous message: ccie2004@excite.com: "RE: BGP synchronization"
• Next in thread: Gajewski Mariusz - TP POLPAK: "RE: Reflexive ACL interaction with FTP"
• Maybe reply: Gajewski Mariusz - TP POLPAK: "RE: Reflexive ACL interaction with FTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:30 GMT-3