Eli Fulkerson .com HomeArticlesCisco-asa-ftp-fixup-snippet
 


Howto: Permit active FTP sessions through a Cisco ASA

This is a snippet for the Cisco ASA firewall that permits active FTP sessions to pass through. This is the equivalent to the 'fixup ftp' commands of the previous PIX OS versions. For whatever reason this functionality was no longer enabled by default in my Cisco ASA 5510 [Cisco Adaptive Security Appliance Software Version 7.0(5)].

If you are already using the class-map, policy-map or service-policy commands, this snippet is probably not going to work. You would need to implement the similar commands without disrupting the rest of your service policy. In that case, however, you probably should already know what you are doing.

Here is the snippet:

class-map inspection_default
 match default-inspection-traffic
!
!
policy-map asa_global_fw_policy
 class inspection_default
 inspect ftp
!
service-policy asa_global_fw_policy global

Download this snippet (plain text) here.