Eli Fulkerson .com HomeArticlesCisco-asa-ftp-fixup-snippet

Howto: Permit active FTP sessions through a Cisco ASA

This is a snippet for the Cisco ASA firewall that permits active FTP sessions to pass through. This is the equivalent to the 'fixup ftp' commands of the previous PIX OS versions. For whatever reason this functionality was no longer enabled by default in my Cisco ASA 5510 [Cisco Adaptive Security Appliance Software Version 7.0(5)].

If you are already using the class-map, policy-map or service-policy commands, this snippet is probably not going to work. You would need to implement the similar commands without disrupting the rest of your service policy. In that case, however, you probably should already know what you are doing.

Here is the snippet:

class-map inspection_default
 match default-inspection-traffic
policy-map asa_global_fw_policy
 class inspection_default
 inspect ftp
service-policy asa_global_fw_policy global

Download this snippet (plain text) here.