In my topology ftp packets from R1 to R20 are not gettng though. (there are 19 routers between R1 and R20)
If it was an icmp packet not getting though, I could do a debug ip icmp on
R1 and I can catch the administratively prohibited message if
an "ip access-group" has been placed somewhere. This is the quickest way
to find the fault-point.
But for other protocols like ftp there is not an equivalent command, so
quickly finding the spot where "ip access-group" configured becomes
Curious as to how others approach this sort of issue...