ftp via vpn

clickatell
Level 1

I am having trouble getting a client to connect to my FTP server via an established VPN.

On the server side we run a PIX 500 series with version 7 of the IOS and on the client end an older 501 device with version 6.3 of the IOS.

The vpn is established and working.

When I perform a telnet from the client side to the server on the other end of the VPN on port 21, I get an open response.

However when I use a FTP client to connect I do not get any further response beyond the initial connect.

It almost seems like the "inspect" command is not working properly and it's rejecting traffic from the FTP server back to the client end, thereby not sending the data port back to the client.

On the 515 side I see the following in the logs:

Jan 18 11:45:28 vpn1-active-dmz-cpt Jan 18 2010 10:59:14: %PIX-7-609001: Built local-host inside:ZA01_FTPonl_IPint
Jan 18 11:45:28 vpn1-active-dmz-cpt Jan 18 2010 10:59:14: %PIX-7-609001: Built local-host outside:CST_ZA03001_cl01
Jan 18 11:45:28 vpn1-active-dmz-cpt Jan 18 2010 10:59:14: %PIX-6-106015: Deny TCP (no connection) from ZA01_FTPonl_IPint/21 to CST_ZA03001_cl01/52768 flags SYN ACK  on interface inside
Jan 18 11:45:28 vpn1-active-dmz-cpt Jan 18 2010 10:59:14: %PIX-7-609002: Teardown local-host inside:ZA01_FTPonl_IPint duration 0:00:00
Jan 18 11:45:28 vpn1-active-dmz-cpt Jan 18 2010 10:59:14: %PIX-7-609002: Teardown local-host outside:CST_ZA03001_cl01 duration 0:00:00

Is FTP possible like this via a VPN or is there a workaround for this?

1 Reply

andrew.prince
Level 10

To see if the inspect is the issue, configure the client and server to use passive FTP and test again.

HTH.
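
The deny line in the question's log can be read field by field. The following is an added example, not part of the thread: a small Python parser for syslog message 106015 that reports whether a denied packet belongs to the FTP control channel (port 21) or to another port. The function names and the last sample line are constructed for illustration; the first two sample lines are taken from the question.

```python
import re

# Message 106015 layout:
#   Deny TCP (no connection) from SRC/sport to DST/dport flags FLAGS on interface IF
DENY_106015 = re.compile(
    r"%(?:PIX|ASA)-6-106015: Deny TCP \(no connection\) from "
    r"(?P<src>\S+)/(?P<sport>\d+) to (?P<dst>\S+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?)\s+on interface (?P<ifname>\S+)"
)
FTP_CONTROL_PORT = 21

def parse_deny(line):
    """Return the fields of a 106015 deny, or None for any other message."""
    m = DENY_106015.search(line)
    if m is None:
        return None
    sport, dport = int(m["sport"]), int(m["dport"])
    flags = frozenset(m["flags"].split())
    on_control = FTP_CONTROL_PORT in (sport, dport)
    return {
        "src": m["src"], "sport": sport, "dst": m["dst"], "dport": dport,
        "flags": flags, "interface": m["ifname"],
        "channel": "control" if on_control else "other",
        # SYN+ACK sourced from port 21 is the server answering the
        # control-connection handshake, not a data-port packet.
        "handshake_reply": sport == FTP_CONTROL_PORT and flags == {"SYN", "ACK"},
    }

def control_channel_denies(lines):
    """Keep only the 106015 denies that touch the FTP control port."""
    return [d for d in map(parse_deny, lines) if d and d["channel"] == "control"]

PREFIX = "Jan 18 11:45:28 vpn1-active-dmz-cpt Jan 18 2010 10:59:14: "
SAMPLE = [
    # From the question (the wrapped deny line re-joined):
    PREFIX + "%PIX-7-609001: Built local-host inside:ZA01_FTPonl_IPint",
    PREFIX + "%PIX-6-106015: Deny TCP (no connection) from ZA01_FTPonl_IPint/21"
             " to CST_ZA03001_cl01/52768 flags SYN ACK  on interface inside",
    # Constructed line, hypothetical hosts, for contrast (not a port-21 packet):
    PREFIX + "%PIX-6-106015: Deny TCP (no connection) from ftp-server/20"
             " to client/50001 flags PSH ACK  on interface inside",
]

if __name__ == "__main__":
    for d in control_channel_denies(SAMPLE):
        print(f"{d['src']}/{d['sport']} -> {d['dst']}/{d['dport']} "
              f"{sorted(d['flags'])} handshake_reply={d['handshake_reply']}")
```

For the line in the question it reports a SYN ACK from port 21, which is the server's reply on the control connection rather than a packet to a negotiated data port.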
