As I explained 1:1 NAT (with example for PPTP passthrough) in this post you can also add more PAT just based on your access-list. I recognized a problem at one customer that FTP needs an inspection firewall entry. The customer runs a passive FTP server on tcp port 3002 which I forwarded to inside:
object network MyFTPserver
host 192.168.23.33object network MyFTPserver
nat (inside,outside) static 88.77.66.24access-list world_in extended permit tcp any object MyFTPserver eq 3002
access-group world_in in interface outside
He could connect from outside but can’t list the folders so I configured a inspection firewall setting:
class-map class_ftp
match port tcp eq 3002policy-map global_policy
class class_ftp
inspect ftpservice-policy global_policy global
After this input the problem was solved!
