Hi all When the ftp client is on inside and the server is outside, then the ASA inspection will take care of connection by having dynamic openings. For the case, when the ftp client is outside and the server is inside, then what ports should be open in the ACL.
ftp client --------------- outside ASA inside ----------------------- ftp server Since, the ftp client is outside, if we just open the control port (21), will it work? *First solution* access-list ftpacl permit tcp any any 21 access-list ftpacl permit tcp any any 20 *Second solution* access-list ftpacl permit tcp any any 21 Bit confused, which solution should be use? With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
