ASA 5505 Version 8.2(1)
I have one PC that has to connect to public FTP in passive mode.
But if I understand right in pasive mode PC connects
to randomally data port of server.
What do I have to specify in confoguration of ASA 5505:
Open for PC all ports of specified FTP address
or to give range of data ports that server assigns randomally.
Enable the FTP inspection in the global policy-map. This will dynamically open the PASV port ranges will NAT the PASV IP to it's public counterpart if necessary.
With this configuration, you will only need to open port 21 inbound for each host that is to connect via FTP.
This link explain the fixup protocol