check the following URL:
http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_tech_note09186a0080093de6.shtml
it explains you need a source group for the ftp data connection.
Since you also need a group to nat client ip address, you have a problem since you can't do both at the same time.
The solution is to use ACL and the 'sourcegroup option'.
So you keep your group but you removed all the service attach inside it.
Then you create an ACL like this one
acl 1
clause 10 permit tcp any destination eq 21 sourgroup
apply circuit(VLAN-client)
acl2
clause 1o permit tcp destination any sourcegroup
apply circuit(vlan-server)
This should work.
If not, make sure to try both passive and active ftp to see if at least one works.
Gilles.