Since upgrading to the A2 code from the 1.6.3 code you must apply inspect ftp on a layer 3 class.

This has broken my outbound NAT when using FTP, and I'm wondering what the workaround is. In A2, all of the 'inspect ftp' statemens below are invalid. But I also don't know how I would be able to match the servers on a layer 3 basis to get the inspect ftp command to accept inside the class??

Right now I'm stuck on 1.6.3, which has a serious bug that warrants upgrading, but I'm not sure how to get FTP inspection inside my NAT classes.

policy-map multi-match NAT-Policy

class DST-NAT-internal

nat dynamic 500 vlan 410

class DST-NAT-accuratenxg

nat dynamic 131 vlan 310

class DST-NAT-accurate1

nat dynamic 21 vlan 310

class DST-NAT-margin1p

nat dynamic 22 vlan 310

class DST-NAT-nuflowdb1p

nat dynamic 23 vlan 310

class DST-NAT-nuflowsch1

nat dynamic 24 vlan 310

class DST-NAT-nuflowweb

nat dynamic 25 vlan 310

class DST-NAT-reconapp1

nat dynamic 26 vlan 310

class DST-NAT-recondb1p

nat dynamic 27 vlan 310

class DST-NAT-clrdb1p

class DST-NAT-bsatech-ftp

nat dynamic 28 vlan 310

inspect ftp

class DST-NAT-bsatech

nat dynamic 28 vlan 310

class DST-NAT-bsaclearing-ftp

nat dynamic 30 vlan 310

inspect ftp

class DST-NAT-bsaclearing

nat dynamic 30 vlan 310

class DST-NAT-gloss1

nat dynamic 32 vlan 310

connection advanced-options TCP_Timeout_Sybase

class SRC-NAT-bpsadv1p

nat dynamic 33 vlan 310

class SRC-NAT-jedi1p

nat dynamic 34 vlan 310

inspect ftp