I see that if you are upgrading a PIX from 6.x to 7.x, your fixup's get converted to MPF commands, and that's fine. However it seems that a brand new ASA out of the box does not have this enabled. You need to copy your fixups from your old 6.x config (assuming you are indeed upgrading replacing) or get the block of default config and paste it into the ASA to get the equivalent functionality. I read some on CCO that gave the impression that these fixups were on by default and you only need touch MPF config if you wanted to change something. This is definately not the case, as I had to manually put the inspect ftp config into an ASA to get active ftp working.
Anyone confirm this ? Anyone have a direct link to a doc that substaniates this ? Anyone from Cisco care to tell us why what has been there by default for years is now 'off' by default ? Thanks.