Can servers sitting behind the ACE successfully FTP files if the following rules are in place?
access-list word line x extended permit tcp source destination eq 21
access-list word line y extended permit tcp source destination eq 20
With those lines I can establish an FTP session, but I am unable to transfer files.
With the following statement, "access-list word line x extended permit ip source destination", passive FTP works?
Is this because the ACE ACL does not allow for stateful inspection of an FTP session?
You are right, lack of fixup/inspect is the reason for FTP connections to fail.
You need something in line with the following config:
class-map match-all FTP-Traffic
  2 match port tcp eq ftp
policy-map multi-match xyz
Syed Iftekhar Ahmed
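
Added example, not part of either post in this thread: a Python sketch of the control-channel parsing that FTP inspection depends on, showing why a port-only ACL on 20 and 21 lets the session open but not the data transfer. The function names and the sample lines are constructed for illustration; the addresses are documentation ranges.

```python
import re

# Port-only ACL from the question: FTP control (21) and active-mode data (20).
STATIC_ACL_PORTS = {20, 21}

# h1,h2,h3,h4,p1,p2 tuple carried in PORT commands and 227 (PASV) replies.
_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def negotiated_endpoint(line):
    """Return (mode, ip, port) for a PORT command or 227 reply, else None."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        mode = "active"
    elif text.startswith("227"):
        mode = "passive"
    else:
        return None
    m = _TUPLE.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed tuple, ignore it
    ip = ".".join(map(str, nums[:4]))
    return mode, ip, nums[4] * 256 + nums[5]


def pinholes(control_lines):
    """Data-channel endpoints that control-channel inspection would learn."""
    return [ep for ep in map(negotiated_endpoint, control_lines) if ep]


def blocked_by_static_acl(endpoint):
    """True when the negotiated destination port is outside the port-only ACL."""
    return endpoint[2] not in STATIC_ACL_PORTS


# Constructed control-channel lines (documentation addresses, not from the thread).
SAMPLE = [
    "220 FTP server ready",
    "PASV",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "PORT 198,51,100,7,4,1",
]

for ep in pinholes(SAMPLE):
    print(ep, "blocked" if blocked_by_static_acl(ep) else "permitted")
```

Both negotiated data ports (50000 for passive, 1025 for active) fall outside the static rules, which is why only the "permit ip" rule or an inspect policy that reads these tuples lets the transfer through.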