ftp passive tcpdump unreachable – admin prohibited

If you are seeing this message “unreachable – admin prohibited” on a tcpdump it is most likely suggesting that the host is blocking your request via iptables or some other type of firewall, this was seen when FTP login was successful but on a active or passive connection was failing:

Cisco ASA Custom ftp passive port inspection

When an ftp server is configured with a custom ftp passive port, to ensure passive FTP continues working as expected the below configuration will help ensure passive FTP will work when the custom ftp server port is 10021