QUOTE (rabbit994)
QUOTE (Kyle)
The remote host is likely using PASV FTP, which uses a random outbound port out of a configurable range of ports on the server. There's really no way you can account for something like that in IPSec.
On most FTP servers, you can control which ports are used for passive, then pop open those ports in IPSec.
That's why I still go with my "if you only want to block certain ports, locking down 135-139 TCP/UDP and 445 TCP/UDP is NEVER wrong."
Yes, I realize that, but if I'm understanding the OP's post correctly, he's trying to connect to a remote FTP server. If he owns the other server, then he will have knowledge of the ports it has defined for PASV, otherwise he doesn't have many options. He needs to open that outbound range up in IPSec.
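To make the passive-port point concrete, here is an added example (not code from anyone in this thread). It parses the `227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)` reply an FTP server sends after PASV (port = p1*256 + p2, per RFC 959), plus the `229` EPSV form, and checks whether the port the server picked falls inside the range you opened outbound in your IPSec policy. The replies and the 50000-50100 range are constructed for illustration; the range is an assumption, not a recommendation.

```python
import re

# RFC 959 PASV reply: six decimal fields, four for the IP and two for the port
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# RFC 2428 EPSV reply: "229 Entering Extended Passive Mode (|||port|)"
EPSV_RE = re.compile(r"\(\|\|\|(\d{1,5})\|\)")


def parse_passive_reply(line):
    """Return (host, port) from a 227 PASV or 229 EPSV reply.

    host is None for EPSV (the data connection goes to the control-channel peer).
    Raises ValueError on anything that is not a well-formed passive reply.
    """
    if line.startswith("227"):
        m = PASV_RE.search(line)
        if not m:
            raise ValueError("malformed 227 reply: %r" % line)
        fields = [int(x) for x in m.groups()]
        if any(f > 255 for f in fields):
            raise ValueError("field out of range in 227 reply: %r" % line)
        host = ".".join(str(f) for f in fields[:4])
        port = fields[4] * 256 + fields[5]
        return host, port
    if line.startswith("229"):
        m = EPSV_RE.search(line)
        if not m:
            raise ValueError("malformed 229 reply: %r" % line)
        port = int(m.group(1))
        if not 1 <= port <= 65535:
            raise ValueError("port out of range in 229 reply: %r" % line)
        return None, port
    raise ValueError("not a passive-mode reply: %r" % line)


def port_allowed(port, low, high):
    """True if the server's data port lies inside the range opened in IPSec."""
    return low <= port <= high


def check_passive_replies(replies, low, high):
    """For each reply, return (host, port, allowed) against the configured range."""
    results = []
    for reply in replies:
        host, port = parse_passive_reply(reply)
        results.append((host, port, port_allowed(port, low, high)))
    return results


# Constructed sample replies (not captured from a real server).
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,0,2,10,195,88)",    # 195*256+88 = 50008
    "227 Entering Passive Mode (192,0,2,10,234,200)",   # 234*256+200 = 60104
    "229 Entering Extended Passive Mode (|||50050|)",
]

# Assumed passive range configured on the server and opened outbound in IPSec.
PASV_LOW, PASV_HIGH = 50000, 50100

if __name__ == "__main__":
    for host, port, ok in check_passive_replies(SAMPLE_REPLIES, PASV_LOW, PASV_HIGH):
        status = "allowed" if ok else "BLOCKED by IPSec range"
        print("%s:%d -> %s" % (host or "<control peer>", port, status))
```

Run against a capture of your own control channel, a reply that comes back "BLOCKED" tells you the server's passive range does not match what you opened, which is exactly the mismatch the thread is describing.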