Having some issues with a Cisco PIX IOS 7
We've put an FTP server in our DMZ and normal FTP access seems to be working, but when we want the client to connect over 990 it doesn't seem to work; however, if I connect from another machine on the DMZ it's all fine.
The relevant bits of the config are shown below:
ftp mode passive
access-list out-acl extended permit tcp any host xx.xx.xx.23 eq ftp
access-list out-acl extended permit tcp any host xx.xx.xx.23 eq ssh
access-list out-acl extended permit tcp any host xx.xx.xx.23 eq 990
access-list out-acl extended permit tcp any host xx.xx.xx.23 eq ftp-data
access-list out-acl extended permit udp any host xx.xx.xx.23 eq 990
static (DMZ,outside) xx.xx.xx.23 192.168.yy.4 netmask 255.255.255.255
access-group out-acl in interface outside
There isn't currently an access list defined for the DMZ interface. Should I add one and specifically permit 990 out?