What version of the pix code are you running? If you have v 6.2 or 6.3 you can run a capture, similar to the unix tcpdump, on the outside and inside interfaces on the pix to see what traffic the pix is seeing. The capture command may be available in v6.1 too, I don't know for sure.
One test would be to have an outside host telnet to the target host on port 21 (telnet x.x.x.133 21) and see if a connection is made but the ftp banner does not appear; not having reverse dns entries can cause this.
Another issue can be with regards to proxy-arp. If the global (x.x.x.132, 133, and 134) addresses are on the same subnet as the pix's outside interface but proxy arp on the pix is turned off (via sysopt noproxyarp outside command) then unless the upstream router has static arp entries pointing to your pix, the pix will not arp and the packets will never arrive.
Run a show sysopt to check the setting of the noproxyarp parameter. You want to have:
no sysopt noproxyarp outside
This will allow the pix's outside interface to be seen as the mac address of the hosts that you want to run the connections to. This is because the global address assigned to those hosts reside on the same subnet as the pix's outside interface.
I did not see anything wrong with your config, however I advise converting conduit statements to access-list statements as conduit may not be supported in future pix code releases - this is the recommendation that Cisco advises.
Also run the capture commands and set the pix logging buffer level to error and try to connect, after you make sure that the no sysopt noproxyarp is set (no noproxyarp means to enable it).
Between the error log, the capture and the proxyarp setting, we should get some valuable info.
The cisco pix 6.3 command reference will explain how to set up the capture. I would run two at the same time, one on the outside interface using the global ip in the acl, and one on the inside using the real/inside ip in the acl.
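The checks described in the post above, written out as one PIX 6.2/6.3 session. This is an added example, not part of the original post: the ACL names (cap_out, cap_in), the capture names (capout, capin) and the `<inside-ip>` placeholder for the server's real address are assumptions; x.x.x.133 is the global address from the post.

```cisco
: Constructed example for PIX 6.2/6.3. Names and <inside-ip> are placeholders.
configure terminal

: 1. Check the proxy ARP setting, then make sure it is enabled on the outside
show sysopt
no sysopt noproxyarp outside

: 2. Send error-level messages to the logging buffer
logging on
logging buffered errors

: 3. ACLs that select only the FTP control traffic, in both directions.
:    Outside capture matches the global address, inside capture the real one.
access-list cap_out permit tcp any host x.x.x.133 eq 21
access-list cap_out permit tcp host x.x.x.133 eq 21 any
access-list cap_in permit tcp any host <inside-ip> eq 21
access-list cap_in permit tcp host <inside-ip> eq 21 any

: 4. Start both captures at the same time
capture capout access-list cap_out interface outside
capture capin access-list cap_in interface inside

: 5. From an outside host run: telnet x.x.x.133 21
:    Then compare what each interface saw with the error log.
show capture capout
show capture capin
show logging

: Reading the result:
:  - nothing in capout: the packets never reach the pix
:    (proxy ARP setting or upstream router ARP entries)
:  - SYN in capout but nothing in capin: the pix is dropping the
:    connection, look for the matching entry in show logging
:  - traffic in both captures but no banner: look at the server side
:    (for example the reverse dns lookup mentioned above)

: 6. Remove the captures when finished
no capture capout
no capture capin
```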