Cisco Adaptive Security Appliance Software Version 7.2(2)
access-list ouside-acl extended permit tcp host x.x.x.x host x.x.x.x eq ftp
access-list outbound-ftp extended permit tcp host x.x.x.x host x.x.x.x eq ftp
class-map outbound-ftp-1
match access-list outbound-ftp
!
policy-map type inspect ftp outbound-ftp-2
parameters
match request-command put
reset
!
policy-map internet-policy
class outbound-ftp-1
inspect ftp strict outbound-ftp-2
!
service-policy internet-policy interface inside
Cisco Adaptive Security Appliance Software Version 7.0(7)
access-list inside-acl extended permit tcp host x.x.x.x host x.x.x.x eq ftp
access-list ftp-inside-down-acl extended permit tcp host x.x.x.x host x.x.x.x eq ftp
!
class-map ftp_inside_down_clm
match access-list ftp-inside-down-acl
!
ftp-map ftpmap_inside_down
request-command deny put
!
policy-map ftp_inside_down_plm
class ftp_inside_down_clm
inspect ftp strict ftpmap_inside_down
!
service-policy internet-policy interface inside
转载于:https://www.cnblogs.com/milo85/archive/2008/06/30/1232630.html