ASA 5508 NAT

Hello

I have an ASA 5508 and an internal server. I want to NAT an internal IP for FTP to an external IP.

The problem is that I cannot access the FTP server from outside.

I have this config

nat (Internal_Network,outside) static 188.20.243.230 net-to-net service tcp ftp ftp

access-list outside_access_in_1 line 4 extended permit tcp any any eq ftp (hitcnt=0) 0x2428bf2e
access-list outside_access_in_1 line 5 extended permit tcp any any eq ftp-data (hitcnt=0) 0x1469fea0

The outside interface has another global IP, 91.114.x.x.

So what's the problem?

Thanks


Dinesh Moudgil
Cisco Employee

Are you using Active FTP or Passive FTP?

Can you please share the output of 

packet-tracer input outside tcp 5.5.5.5 2332 188.20.243.230 21 detail
show run all policy-map

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

I now have active FTP, so ports 20 and 21.

Firewall# packet-tracer input outside tcp 5.5.5.5 2332 188.20.243.230 21 detai$

Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
object network FreeNAS
 nat (Internal_Network,outside) static 188.20.243.230 net-to-net service tcp ftp ftp
Additional Information:
NAT divert to egress interface Internal_Network
Untranslate 188.20.243.230/21 to 192.168.1.30/21

Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group outside_access_in_1 in interface outside
access-list outside_access_in_1 extended permit tcp any object FTP-Server eq ftp
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0x7fffc579aeb0, priority=13, domain=permit, deny=false
        hits=2, user_data=0x7fffbe26af80, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
        dst ip/id=192.168.1.30, mask=255.255.255.255, port=21, tag=any, dscp=0x0
        input_ifc=outside, output_ifc=any

Phase: 3
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0x7fffc51a0180, priority=0, domain=nat-per-session, deny=false
        hits=482716, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
        input_ifc=any, output_ifc=any

Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0x7fffb89abd00, priority=0, domain=inspect-ip-options, deny=true
        hits=778469, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
        input_ifc=outside, output_ifc=any

Phase: 5
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0x7fffb8faf170, priority=13, domain=ipsec-tunnel-flow, deny=true
        hits=707187, user_data=0x0, cs_id=0x0, flags=0x0, protocol=0
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
        input_ifc=outside, output_ifc=any

Phase: 6
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
nat (Internal_Network,outside) source dynamic Internal_Network interface
Additional Information:
 Forward Flow based lookup yields rule:
 out id=0x7fffb9306f60, priority=6, domain=nat-reverse, deny=false
        hits=5, user_data=0x7fffb90ac8f0, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
        dst ip/id=192.168.1.0, mask=255.255.255.0, port=0, tag=any, dscp=0x0
        input_ifc=outside, output_ifc=Internal_Network

Phase: 7
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
 Reverse Flow based lookup yields rule:
 in  id=0x7fffc51a0180, priority=0, domain=nat-per-session, deny=false
        hits=482718, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
        input_ifc=any, output_ifc=any

Phase: 8
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
 Reverse Flow based lookup yields rule:
 in  id=0x7fffb8a19f10, priority=0, domain=inspect-ip-options, deny=true
        hits=404080, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
        input_ifc=Internal_Network, output_ifc=any

Phase: 9
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 3325952, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_tcp_normalizer
snp_fp_translate
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat

Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_translate
snp_fp_tcp_normalizer
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat

Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: Internal_Network
output-status: up
output-line-status: up
Action: allow

Hi,

Have you enabled FTP inspection?

Share the show run policy-map output 

Regards,

Aditya

Please rate helpful posts.

Firewall# show running-config policy-map
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
!
Firewall#

Hi Raimund,

Try using inspection for FTP and then check the traffic:

fixup protocol ftp 21

Regards,

Aditya 

Hi Raimund,

Please configure 'ciscoasa(config)# arp permit-nonconnected', as the server's mapped IP is in a different subnet than the ASA's outside interface IP.

Hope it helps.

Regards,

Akshay Rastogi

Remember to rate helpful posts.
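A consolidated configuration for the setup in this thread, added here as an example; it is not the original poster's running config and not part of any reply. It combines the service-restricted static NAT from the question, an inbound ACL scoped to the server object (as the packet-tracer output shows), the FTP inspection that Aditya's `fixup protocol ftp 21` corresponds to on ASA 9.x, and the `arp permit-nonconnected` fix from the accepted answer. Assumed: the server is the network object FreeNAS at 192.168.1.30 (taken from the packet-tracer output), the interface names Internal_Network and outside match the question, the mapped address 188.20.243.230 lies outside the outside interface's 91.114.x.x subnet, and the upstream router already routes 188.20.243.230 toward the ASA's outside interface.

```cisco
! Added example for ASA 9.x, not the poster's device config.
! Assumed: FreeNAS = 192.168.1.30 (from packet-tracer), interfaces
! Internal_Network / outside, mapped IP 188.20.243.230 not in the
! outside interface's 91.114.x.x subnet, upstream router routes the
! mapped IP toward the ASA.

! Real host and its static NAT, restricted to the FTP control port
! exactly as in the question.
object network FreeNAS
 host 192.168.1.30
 nat (Internal_Network,outside) static 188.20.243.230 net-to-net service tcp ftp ftp

! Inbound ACL. Since 8.3 the ACL matches the REAL (untranslated) address,
! which is why packet-tracer shows dst ip/id=192.168.1.30 rather than the
! mapped IP. Scope it to the server object instead of "any any".
access-list outside_access_in_1 extended permit tcp any object FreeNAS eq ftp
access-group outside_access_in_1 in interface outside

! FTP inspection: the policy-map form of the legacy "fixup protocol ftp 21".
! The inspector parses PORT/PASV, rewrites the embedded addresses and opens
! the data-channel pinhole dynamically, so no separate "eq ftp-data" rule
! is needed. The poster's "show run policy-map" showed no global_policy at all.
policy-map global_policy
 class inspection_default
  inspect ftp
service-policy global_policy global

! The accepted fix: let the ASA proxy-ARP for a mapped address that is not
! on the outside interface's connected subnet. Off by default.
arp permit-nonconnected

! Verification. packet-tracer already returned "Action: allow" in the
! thread, so the drop was not in the ASA's policy path; "show conn" with a
! real client is the check that matters after enabling non-connected ARP.
show nat detail
packet-tracer input outside tcp 5.5.5.5 2332 188.20.243.230 21 detail
packet-tracer input Internal_Network tcp 192.168.1.30 20 5.5.5.5 2332 detail
show conn protocol tcp port 21
```

Why packet-tracer passed while real traffic failed: the tool models the ASA's own NAT, ACL and inspection decisions, not whether the next-hop router can resolve the mapped address. Without `arp permit-nonconnected` the ASA only answers ARP for mapped addresses inside its interface subnets, so the upstream router's ARP request for 188.20.243.230 went unanswered and no packet ever reached the UN-NAT phase the trace shows. One caveat for active mode, which the poster says is in use: the static rule above covers only real port 21, so the server's outbound data connection from port 20 falls through to the `source dynamic Internal_Network interface` rule and leaves with the interface's 91.114.x.x address, not 188.20.243.230. The second packet-tracer line in the block shows which address that connection will carry; if clients reject a data connection from an address other than the control-channel peer, move the dynamic PAT behind object NAT with the `after-auto` keyword or translate the whole host statically.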

This was the problem

Now it works

Thanks a lot
