NAT-Gateway_Cisco_Catalyst_8000_AWS_Market_Place

Estimated: If you are presenting me with the following problem : Desplegue in my AWS account an instance which is a Cisco Catalyst 8000 Team (MarketPlace AWS), I say I have 2 security groups, one inbound and another outbound, which allows all traffic, there are no restrictions. The team had access to the internet via a NAT Gateway, when performing the following steps such as, for example, pinging the DNS from google 8.8.8.8 the result is successful, consult some service that this is published in the port 443 is also successful. Y en este punto me detengo y es aqui where the root of the problem is, I keep an FTP server public on the internet, pinged this public ip (FTP server) from the Catalyst 8000 the ping responds ( This consults ICMP, salt by the NAT gateway) but at the time of requesting to connect to the FTP by email from port 21 the connection (Telnet a.b.c.d port 21) is not established. And as well indique the catalyst 8000 has a security group (Inbound and outbound) where there are no restrictions. Can someone tell me what would be the problem? Since already very grateful.

Kind regards .