EasyManuals Logo
Home>Cisco>Firewall>5510 - ASA SSL / IPsec VPN Edition

Cisco 5510 - ASA SSL / IPsec VPN Edition User Manual

Cisco 5510 - ASA SSL / IPsec VPN Edition
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1119 background imageLoading...
Page #1119 background image
1-13
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Inspection of Basic Internet Protocols
FTP Inspection
Where the regex_name is the regular expression you created in Step 1. The class regex_class_name
is the regular expression class map you created in Step 2.
d. (Optional) To match a file type for FTP transfer, enter the following command:
hostname(config-cmap)# match [not] filetype regex [regex_name |
class regex_class_name]
Where the regex_name is the regular expression you created in Step 1. The class regex_class_name
is the regular expression class map you created in Step 2.
e. (Optional) To disallow specific FTP commands, use the following command:
hostname(config-cmap)# match [not] request-command ftp_command [ftp_command...]
Where ftp_command with one or more FTP commands that you want to restrict. See Table 1-1 for a
list of the FTP commands that you can restrict.
.
f. (Optional) To match an FTP server, enter the following command:
hostname(config-cmap)# match [not] server regex [regex_name | class regex_class_name]
Where the regex_name is the regular expression you created in Step 1. The class regex_class_name
is the regular expression class map you created in Step 2.
g. (Optional) To match an FTP username, enter the following command:
hostname(config-cmap)# match [not] username regex [regex_name |
class regex_class_name]
Where the regex_name is the regular expression you created in Step 1. The class regex_class_name
is the regular expression class map you created in Step 2.
Step 4 Create an FTP inspection policy map, enter the following command:
hostname(config)# policy-map type inspect ftp policy_map_name
hostname(config-pmap)#
Table 1-1 FTP Map request-command deny Options
request-command deny Option Purpose
appe Disallows the command that appends to a file.
cdup Disallows the command that changes to the parent directory of the
current working directory.
dele Disallows the command that deletes a file on the server.
get Disallows the client command for retrieving a file from the server.
help Disallows the command that provides help information.
mkd Disallows the command that makes a directory on the server.
put Disallows the client command for sending a file to the server.
rmd Disallows the command that deletes a directory on the server.
rnfr Disallows the command that specifies rename-from filename.
rnto Disallows the command that specifies rename-to filename.
site Disallows the command that are specific to the server system.
Usually used for remote administration.
stou Disallows the command that stores a file using a unique file name.

Table of Contents

Other manuals for Cisco 5510 - ASA SSL / IPsec VPN Edition

Preview: Configuration Guide
Configuration Guide1822 pages
Preview: Hardware Installation Guide
Hardware Installation Guide82 pages
Preview: Getting Started Guide
Getting Started Guide208 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 5510 - ASA SSL / IPsec VPN Edition and is the answer not in the manual?

Cisco 5510 - ASA SSL / IPsec VPN Edition Specifications

General IconGeneral
BrandCisco
Model5510 - ASA SSL / IPsec VPN Edition
CategoryFirewall
LanguageEnglish

Related product manuals