We are using the built-in FTP option on Microsoft Server 2003 Standard Edition SP2. I have a UC540W-FXO-K9 unit with NAT rules to allow port 20 and port 21 traffic through to the IP of our server. Since NAT sets up ACL entries, I also have entries for ports 20 and 21 under rule 104. When everything is set up this way I am able to connect to our FTP, but when I try to do a directory listing I receive the following error on my FTP client: "425 Can't open data connection. Failed to retrieve directory listing". I have tried different FTP clients along with using active and passive mode; all have produced the same error message.
I have read various postings on the forums here and came across one that referenced Cisco Document ID 26448 (http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml#passiveftp). Going off of the Passive FTP section, I was able to get a directory listing by adding an ACL entry under rule 104 allowing destination ports greater than 1024 with TCP (protocol 6). I have yet to try the section on active mode, so I am not sure whether that works for me or not.
My question is: by opening up such a wide range of ports, is that an increased security risk? If it is, I am stuck, because going off of the majority of the posts on the Cisco Support Community and on various other sites, which say you just need ports 20 and 21 opened up, that isn't working for me.
Any insight would be appreciated, and if I have left out any info please let me know what to add and I will include it. Thanks in advance for any help.
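As an added illustration of the ACL entries the post describes (this is not the poster's own configuration, and the inside address 192.168.10.5 for the Windows Server 2003 FTP host is assumed): extended access list 104 on a Cisco IOS device such as the UC540. The first two permit lines are the port 21 and port 20 entries, the third is the "greater than 1024" entry that made passive listings work, and the final line shows a narrower alternative that assumes the FTP server's passive (PASV) data-port range has been limited to 50000-50100 on the server side.

```cisco
! Added example, not the poster's configuration.
! 192.168.10.5 is an assumed inside address for the FTP server.
!
! Control channel (port 21) and the port 20 entry from the post.
access-list 104 permit tcp any host 192.168.10.5 eq ftp
access-list 104 permit tcp any host 192.168.10.5 eq ftp-data
!
! Entry the post describes for passive mode: any TCP destination port above 1024.
access-list 104 permit tcp any host 192.168.10.5 gt 1024
!
! Narrower alternative: use this INSTEAD of the "gt 1024" line, and only if the
! server's passive port range has been limited to 50000-50100 (assumption).
access-list 104 permit tcp any host 192.168.10.5 range 50000 50100
```

Two caveats a practitioner would check against this: in passive mode the client opens the data connection to whatever high port the server announces in its PASV reply, which is why the "gt 1024" entry is what fixed the listing; a bounded range only works when the server is configured to announce ports inside that range. In active mode the server itself opens the data connection outbound from source port 20 to a port the client announced, so an inbound permit for destination port 20 is not what active mode relies on; whether the unit tracks that outbound connection is a separate question from the ACL shown here.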