Ran into an issue trying to allow for passive-ftp on an ASA 5520. I have enable the ftp mode passive, even went so far as to allow an "ip any" to the FTP server in the DMZ and disable the global filtering policy. The client will connect, but cannot transfer files. Any ideas?
The issue turned out to be with the customer's FTP server. There was a setting that they did not have correct. ftp mode passive should be all that you need. Sometimes you may have to go into the default global policy and remove the ftp inspect portion. Hope this helps.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...