We only have trouble from our outside interface to ftp servers on our dmz. I have narrowed it down to pasv mode FTP. I opened ports and mapped them on the FTP server to fix it. What is odd is that with the same configuration on the PIX, we did not have to specify pasv ports for FTP traffic connecting on port 21. Is there a global setting on the ASA regarding pasv FTP through the ASA that did not apply to the PIX?


