
key configuration: [USG3000]nat server protocol tcp global 1.1.1.1 2121 inside 192.168.1.250 21
[USG3000-zone-trust]nat 2000 address-group 1
Software type: USG3040 V100R002
Problem phenomenon: 1. Users did a “NAT-SERVER’ port mapping (the external network 2121 mapping the 21 port of internal network) a FTP SERVER of internal network, and at the same time also did domain NAT function, “NAT-SERVER” function is normal.
1. Domain NAT is not normal, PC end can't use the FTP passive mode access to FTP SERVER, active mode is normal, if change the NAT-SERVER mapping to 21 port mapping 21 port, they are all normal