Hi Friends,
I like to mention here an interesting fact. I have a FTP Server on one side
of ZBFW and FTP Client on other interface. I this using experimented in IOS
Version 15.0(1)M3. I was able to login to FTP server from Client PC using
cmd prompt (C:> ftp 172.16.1.2), But not able to list the directories.Then i
realised it is FTP control channel issue (FTP Port 20).
I tested this same scenario using IOS version 12.4(15)T5 & found that it is
working with the same configuration i used in IOS 15.0. The configuration is
below
class-map type inspect match-any CLIENT-SRV
match protocol icmp
match protocol ftp
class-map type inspect match-all CLIENT-SRV-TRAFFIC
match access-group name CLIENT-SRV
match class-map CLIENT-SRV
!
policy-map type inspect CLIENT-SRV-TRAFFIC
class type inspect CLIENT-SRV-TRAFFIC
inspect class class-default
drop log
!
zone security CLIENT-SRV
zone security SRV-CLIENT
zone-pair security CLIENT-SRV source CLIENT-SRV destination SRV-CLIENT
service-policy type inspect CLIENT-SRV-TRAFFIC
zone-pair security SRV-CLIENT source SRV-CLIENT destination CLIENT-SRV
service-policy type inspect SRV-CLIENT
interface FastEthernet0/1
description #### FTP-CLIENT #####
ip address 192.168.1.5 255.255.255.0
zone-member security CLIENT-SRV
!
interface FastEthernet0/0
description #### FTP SERVER ###
ip address 172.16.1.1 255.255.255.0
zone-member security SRV-CLIENT
It is working with IOS 12.4 and not working in IOS 15.0(1)
ANY CLUES SIR???
regards,
sairam
Blogs and organic groups at http://www.ccie.net
Received on Sat Apr 09 2011 - 13:04:52 ART
This archive was generated by hypermail 2.2.0 : Sun May 01 2011 - 09:00:29 ART