Allowing FTP through ASA/Firewall

15 years 9 months ago #29095 by timparker
I am having some issues with allowing this through our ASA. I started pulling the config apart to post but started googling and I see some stuff about having to allow other high ports. I currently have what I think are the correct ones, 21 and 20.

Anything blatant that I am missing, or should I continue to post the config here?

TIA.
15 years 9 months ago #29100 by timparker
Never mind on this, I found the answer. For those that might want/need this later, I didn't have:

fixup protocol ftp 21

in my config. Added it in and poof, it works!
15 years 9 months ago #29146 by skepticals
What exactly does that line do?
15 years 9 months ago #29150 by timparker
That actually is the line from PIX 6.3 code. The ASA, though, I found out converts it to the correct Policy Map, Traffic Inspection and Service Policy.
15 years 9 months ago #29158 by Smurf
Basically, the fixup allows the firewall to inspect (inspect is actually what is used in version 7+) the traffic. It checks it for RFC compliance, etc., but more importantly it makes the firewall FTP aware. This means that the firewall can monitor the FTP communication and can open the necessary secondary ports that are required with the FTP protocol (i.e. port 21 for the command; once data is actually being transmitted, port 20 is used for the data, and this needs to be allowed through the firewall. While it's inspecting the traffic, the firewall will notice which port the traffic is coming from and dynamically open it).

It would be worth reading about it within this site, in particular the differences between PASV and ACTIVE (PORT) modes: www.firewall.cx/ftp.php

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
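
Added example (not part of the thread, and not Cisco's implementation): a Python sketch of what "FTP aware" means in the post above, reading the PORT command and the 227 reply on the control channel to find the data address and port a stateful firewall would have to open. The function names and sample lines are constructed for illustration.

```python
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (six decimal octets).
_HOSTPORT = re.compile(r"(?<!\d)" + r",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def parse_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field, or None if invalid."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    fields = [int(f) for f in m.groups()]
    if any(f > 255 for f in fields):
        return None  # not a valid octet, so nothing is opened
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    return ip, port


def pinhole_for(line):
    """Map one control-channel line to the data listener it announces.

    Returns (mode, listener_ip, listener_port), or None when the line
    negotiates no data connection or is malformed.
    """
    line = line.strip()
    if line.upper().startswith("PORT "):
        # Active mode: the client listens and the server connects to it.
        mode, field = "active", line[5:]
    elif line.startswith("227 "):
        # Passive mode: the server listens and the client connects to it.
        mode, field = "passive", line[4:]
    else:
        return None
    hostport = parse_hostport(field)
    return None if hostport is None else (mode, *hostport)


# Constructed control-channel lines (documentation addresses, not a capture).
SAMPLE = [
    "USER anonymous",
    "PORT 192,0,2,10,195,80",
    "227 Entering Passive Mode (198,51,100,5,19,137)",
    "PORT 192,0,2,10,999,1",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(f"{entry!r:55} -> {pinhole_for(entry)}")
```

Without inspection the firewall only sees the port 21 session, so the negotiated data port stays blocked unless a wide static range is permitted.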
15 years 9 months ago #29195 by skepticals
Thank you for the info. I will check that out.