I am able to ftp from my Head Office to my test machine at the remote location but I can't get the other way around to work.
deny tcp src 192.168.50.5/1825 dst 208.124.202.44/21 by access-group "dmz_access_in"
I try a couple of ways to fix it but no luck.
l would appreciate some help.
access-list outside1_cryptomap extended permit ip object LAN object HeadOffice-VLAN3
access-list inside_access_in extended permit ip interface inside interface outside1
access-list inside_access_in extended permit icmp any any
access-list outside1_access_in extended permit ip any interface outside1
access-list outside1_access_in extended permit tcp object-group DM_INLINE_NETWORK_1 interface outside1 eq https
access-list outside1_access_in extended permit tcp any host 192.168.50.5 eq www
access-list outside1_access_in extended permit tcp any host 192.168.50.5 eq https
access-list outside1_access_in extended permit tcp object-group DM_INLINE_NETWORK_2 host 192.168.50.5 object-group RDP
access-list outside1_access_in extended permit tcp object-group DM_INLINE_NETWORK_3 host 192.168.50.5 eq ftp
access-list dmz_access_in extended permit tcp any object Server2 eq www
access-list dmz_access_in extended permit tcp any host 192.168.50.5 eq www
access-list outside_access extended permit object http any object Server2
access-list extended extended permit tcp any host 192.168.50.5 eq ftp
access-list extended extended permit tcp any host 192.168.50.5 eq ftp-data
access-group inside_access_in in interface inside
access-group outside_access in interface outside
access-group outside1_access_in in interface outside1 per-user-override
access-group dmz_access_in in interface dmz per-user-override
object network Server2
nat (dmz,outside1) static interface service tcp www www
object network Server3
nat (dmz,outside1) static interface service tcp https https
object network RDP2
nat (dmz,outside1) static interface service tcp 3389 3389
object network ftp
nat (dmz,outside1) static interface service tcp ftp ftp
ftp mode passive
