I need some help with IP extended access lists.
I have an FTP server on the inside and I need to allow access to it from
the outside. There are two ports used: FTP (20) for control and FTP-DATA
(21) for the transfer of the actual data.
When the two sides decide to start a data transfer, does the server or the
client open the data connection (TCP)? I assume that in passive mode
the client opens the connection and in normal mode the server opens the
connection. How is port FTP-DATA used? Is that port always used on the
server side?
access-list 101 permit tcp any host a.b.c.d eq ftp
access-list 101 permit tcp any host a.b.c.d eq ftp-data
Will the above work in all cases, where the server has the address
a.b.c.d?
In one case I saw
access-list 101 permit tcp any eq ftp-data host a.b.c.d
That is what started me thinking.
Some applications using UDP use the same port on both sides, e.g.
access-list 102 permit udp any eq isakmp host a.b.c.d eq isakmp
allows IPSEC key exchange between the outside and inside.
Other examples, I think, are netbios name service (port 137) and netbios
datagram service (138). Am I right? Are there other applications using
the same port number on either side for UDP service?
TIA.
Nelluri Reddy
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
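The following is an added worked example, not part of the original post or of any Cisco documentation. It models the ACL entries quoted above with a small matcher and replays the packets each FTP mode sends from the outside toward the server, so you can see which entries match in active mode, in passive mode, and for the "any eq ftp-data host a.b.c.d" variant. Assumptions that the post does not state: the server sits inside at a.b.c.d and ACL 101 is applied inbound on the outside interface (only outside-to-inside packets are evaluated); port numbers follow the IANA assignments (ftp = 21 for control, ftp-data = 20 for data); the outside addresses and ephemeral ports are made-up sample values; the ACL is a plain extended ACL with no stateful inspection and no `established` keyword, and TCP flags are not modelled.

```python
"""Which FTP flows an inbound extended ACL lets through.

Added example; not from the original post.  Assumptions (not stated there):
  * server inside at SERVER, ACL 101 applied inbound on the outside interface,
    so only outside -> inside packets are checked;
  * IANA ports: ftp = 21 (control), ftp-data = 20 (data);
  * outside addresses and ephemeral ports are made-up sample values;
  * plain ACL, no stateful inspection, no 'established' (flags not modelled).
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

PORT_NAMES = {"ftp": 21, "ftp-data": 20, "isakmp": 500,
              "netbios-ns": 137, "netbios-dgm": 138}
SERVER = "a.b.c.d"            # placeholder kept from the post
CLIENT = "198.51.100.7"       # sample outside host (RFC 5737 documentation range)

# The ACL entries quoted in the post.
ACL_101 = ["access-list 101 permit tcp any host a.b.c.d eq ftp",
           "access-list 101 permit tcp any host a.b.c.d eq ftp-data"]
ACL_102 = ["access-list 102 permit udp any eq isakmp host a.b.c.d eq isakmp"]


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Ace:
    proto: str
    src: str                  # "any" or a host address
    sport: Optional[int]      # None = any port
    dst: str
    dport: Optional[int]


def parse_ace(line: str) -> Ace:
    """Parse 'access-list N permit PROTO SRC [eq P] DST [eq P]' (any/host only)."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] != "permit":
        raise ValueError("only 'access-list N permit ...' lines are modelled")
    pos = 4

    def addr() -> str:
        nonlocal pos
        if tok[pos] == "any":
            pos += 1
            return "any"
        if tok[pos] == "host":
            pos += 2
            return tok[pos - 1]
        raise ValueError("only 'any' and 'host X' are modelled: " + tok[pos])

    def port() -> Optional[int]:
        nonlocal pos
        if pos < len(tok) and tok[pos] == "eq":
            name = tok[pos + 1]
            pos += 2
            return PORT_NAMES.get(name) or int(name)
        return None

    src, sport = addr(), port()
    dst, dport = addr(), port()
    return Ace(tok[3], src, sport, dst, dport)


def matches(ace: Ace, pkt: Packet) -> bool:
    addr_ok = lambda spec, ip: spec == "any" or spec == ip
    port_ok = lambda spec, p: spec is None or spec == p
    return (ace.proto == pkt.proto
            and addr_ok(ace.src, pkt.src) and port_ok(ace.sport, pkt.sport)
            and addr_ok(ace.dst, pkt.dst) and port_ok(ace.dport, pkt.dport))


def permitted_by(acl_lines: List[str], pkt: Packet) -> bool:
    """First match wins; anything not permitted hits the implicit deny."""
    return any(matches(parse_ace(l), pkt) for l in acl_lines)


def ftp_inbound_packets(mode: str) -> Dict[str, Packet]:
    """Outside -> inside packets of one FTP session with an outside client."""
    control = Packet("tcp", CLIENT, 40001, SERVER, 21)     # client's SYN to ftp
    if mode == "active":
        # Server dials out from port 20 to the port the client gave in PORT.
        # That SYN leaves inside -> outside; only the client's replies cross
        # the inbound ACL, and they are addressed to the server's port 20.
        data = Packet("tcp", CLIENT, 40002, SERVER, 20)
    elif mode == "passive":
        # Server announces an ephemeral listener in its 227 reply; the client
        # connects to it, so the inbound SYN targets a port no ACE names.
        data = Packet("tcp", CLIENT, 40003, SERVER, 51234)
    else:
        raise ValueError(mode)
    return {"control": control, "data": data}


def check(acl_lines: List[str], mode: str) -> Dict[str, bool]:
    return {name: permitted_by(acl_lines, p)
            for name, p in ftp_inbound_packets(mode).items()}


if __name__ == "__main__":
    for mode in ("active", "passive"):
        print(mode, check(ACL_101, mode))
    # 'any eq ftp-data host a.b.c.d' fits when a.b.c.d is an FTP *client*
    # and an outside server dials in from port 20 (active mode, roles swapped).
    inbound_from_server = Packet("tcp", "203.0.113.9", 20, SERVER, 40010)
    print("inside client, active:", permitted_by(
        ["access-list 101 permit tcp any eq ftp-data host a.b.c.d"],
        inbound_from_server))
    print("isakmp 500->500:", permitted_by(
        ACL_102, Packet("udp", "203.0.113.9", 500, SERVER, 500)))
```

Running it shows the point the question is circling: with an outside client, the two-line ACL 101 covers the control connection and the active-mode data connection (the client's replies come back to the server's port 20), but in passive mode the data connection lands on an ephemeral server port that no entry names, so it is dropped by the implicit deny. The `any eq ftp-data host a.b.c.d` form only fits the opposite role, an inside FTP client receiving an active-mode connection from an outside server's port 20. Two caveats the model leaves out: because TCP flags are not checked, the `eq ftp-data` entry also admits a fresh SYN from anywhere to the server's port 20 (the `established` keyword would restrict it to packets with ACK or RST set), and covering passive mode with a plain ACL means opening the server's whole passive port range; stateful inspection that reads the PORT/PASV exchange is the usual alternative.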