Question : Problem: cisco vpn client FTP error - passive /active symptoms

Several of our offices have Cisco vpn3002 (ver 4.1.7.D) devices behind a Cisco 2600 router (IOS 12.1(8a)) where ftp clients timeout waiting for a directory listing or the data portion of an ftp connection in ftp software, but can authenticate ok.  Since we are split-tunneling directly out the onsite router (not the VPN concentrator) it doesn't make any sense to me.  This only happens to one specific ftp site.  But it gets even more strange....different ftp clients exhibit different symptoms.  Ftpx (ftp explorer) does not work in either passive or active mode or firewall mode.  Command line ftp from NT works to login but fails the directory listing or any attempt at file transfer.  But WS_FTP Pro works works fine in passive mode from these locations.  

All of these ftp clients ALSO work from other test locations in active mode , one site I tested had a Netopia router, one test site had a PIX firewall where I would have expected more problems (it has the ftp fixup command.)

I have talked to the operator of the ftp site and they are using a Sonicwall firewall port forwarding to the ftp server which is a SnapOS appliance from Adaptec using some unix variant of ftp server software.  They have not had complaints from other locations and of course think its our setup.

Ordinarily I would punt and just suggest using WS_ftp but management is insistent on standardizing on ftp explorer and says this issue must be resolved.  

any help appreciated.

Answer : Problem: cisco vpn client FTP error - passive /active symptoms

Thanks for the update!
I'll do what I can to help.
Standing by.....