You need MPF for the ASA to inspect FTP on port 2121
With regards
Kings

On Mon, Jul 5, 2010 at 8:31 PM, Jimmy Larsson <[email protected]> wrote:

> I might be blind/stupid, or it's just because I am on my 11th hour of
> online rackrental, but...
>
> In Wb2 lab 16 task 1.5 it says:
>
> MPF
> * There are 2 FTP-servers on DMZ, 172.16.7.104 and 172.16.7.105
> * They should be seen to the outside world as 200.13.24.100 and
> 200.13.24.105
> * The FTP servers on the DMZ are using port 2121. Make sure outside
> networks can FTP to servers in the DMZ
> * Do not allow FTP traffic outbound thru ASA to FTP server 200.13.6.100.
>
> The heading for the task is MPF and the DSG does:
> * 2 statics
> * access-list denying ftp-traffic to 6.100, and permitting traffic to
> 24.104/105.
> * class-map FTP, match access-list
> * policy-map global_policy, class FTP, inspect ftp strict
>
> So, why are we using MPF at all? My solution was just to:
> * add those 2 statics for inbound traffic
> * put a deny of outbound traffic to stop ftp to that outside ftp-host
> 200.13.6.100
>
> What am I missing?
>
> /J
>
> --
> -------
> Jimmy Larsson
> Ryavagen 173
> s-26030 Vallakra
> Sweden
> http://blogg.kvistofta.nu
> -------
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
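The point made in the reply above, shown as an added configuration sketch that is not part of the original thread or of the lab's solution guide: the ASA's default inspection class only treats TCP/21 as FTP, so a control channel on port 2121 must be classified explicitly before `inspect ftp` can open and translate the data connections. It assumes pre-8.3 ASA syntax, interface names `dmz` and `outside`, and the hypothetical names `OUTSIDE_IN` and `FTP-2121`; it matches on port rather than on an access-list and leaves out the outbound deny to 200.13.6.100.

```text
! Added illustration, pre-8.3 ASA syntax. Interface names, the ACL name
! OUTSIDE_IN and the class name FTP-2121 are assumptions.

! Static NAT from the task: DMZ servers as seen from the outside
static (dmz,outside) 200.13.24.100 172.16.7.104 netmask 255.255.255.255
static (dmz,outside) 200.13.24.105 172.16.7.105 netmask 255.255.255.255

! Permit only the FTP control channel inbound (mapped addresses pre-8.3).
! No rule is written for the data ports: inspection opens them dynamically.
access-list OUTSIDE_IN extended permit tcp any host 200.13.24.100 eq 2121
access-list OUTSIDE_IN extended permit tcp any host 200.13.24.105 eq 2121
access-group OUTSIDE_IN in interface outside

! Classify TCP/2121 so the FTP inspection engine sees it
class-map FTP-2121
 match port tcp eq 2121

! Attach FTP inspection to that class in the existing global policy
policy-map global_policy
 class FTP-2121
  inspect ftp strict

! global_policy is applied globally on a default configuration:
service-policy global_policy global
```

Without the class-map and `inspect ftp`, the statics and the ACL permit only the control connection on 2121, and the negotiated data connections are dropped.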
