I have a 5520 and PASV FTP is working fine but ACTIVE FTP is not. I have enabled ftp inspection and I am actually seeing resets.
Inspect: esmtp _default_esmtp_map, packet 0, drop 0, reset-drop 0
Inspect: dns preset_dns_map, packet 1307204594, drop 5704127, reset-drop 0
Inspect: ftp, packet 4004288, drop 0, reset-drop 45
In the capture that I did on the OUTSIDE interface I am seeing NO problems with the control channel; however, with the data channel I am seeing problems. The server tries to connect using port 20 to the client; however, in the next packet there is a reset from the ASA to the FTP server.
In the inside capture the packet from the server on port 20 to the client is never seen, so it's the ASA.
I have a ZBF on the inside; however, like I said, the request from the server on port 20 to the client on port X is never seen in the capture.
Why would the FTP INSPECTION reset the connection?
I'm not using any regex to reset connections or something similar that could be causing this behavior.