O' Great Tek-Tips, I believe I have a simple question for you but a hard one for me.
I have three VLANs. VLAN60 is completely isolated from all other vlans. Certain machines on VLAN30 have access to certain machines on VLAN60 with RDP. They work fine. However, I need to have Machine1 on VLAN60 to FTP to Server1 on VLAN20 (which every vlan but vlan60 needs to see). Any help is appreciated. Thanks!

-- Current config --

ip access-list extended ACLout <--working
 permit tcp host 10.10.30.2 host 10.10.60.10 eq 3389
 permit tcp host 10.10.30.2 host 10.10.60.11 eq 3389
ip access-list extended ACLin <--not working
 permit tcp host 10.10.6.30 host 10.10.20.17 eq ftp
interface Vlan60
 ip address 10.10.60.1 255.255.255.0
 ip access-group ACLin in
 ip access-group ACLout out
interface Vlan20
 ip address 10.10.20.201 255.255.255.0

-- What I think will work --

ip access-list extended ACLout <--working
 permit tcp host 10.10.30.2 host 10.10.60.10 eq 3389
 permit tcp host 10.10.30.2 host 10.10.60.11 eq 3389
ip access-list extended VLAN20out
 permit ip any any
 deny ip 10.10.60.0 0.0.0.255 10.10.20.0 0.0.0.255
 permit tcp host 10.10.60.30 host 10.10.20.17 eq 21
interface Vlan60
 ip address 10.10.60.1 255.255.255.0
 ip access-group ACLout out
interface Vlan20
 ip address 10.10.20.201 255.255.255.0
 ip access-group VLAN20out out

Shon
Network Administrator
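
Added example, not part of the original post: a small first-match evaluator that runs the ACL entries quoted above against sample packets, to show which entry (if any) decides each flow. It assumes Machine1 is 10.10.60.30 and Server1 is 10.10.20.17, models only the FTP control connection (TCP 21) and contiguous wildcard masks; the function names, the REORDERED list and the sample flows are constructed for illustration.

```python
import ipaddress

def _addr(tok):
    """Consume one IOS address spec: 'any', 'host A', or 'A WILDCARD' (contiguous)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    mask = ipaddress.ip_address(int(ipaddress.ip_address(tok[1])) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tok[0]}/{mask}"), tok[2:]

def parse_ace(line):
    """Parse 'permit|deny proto src dst [eq port]' (subset of extended-ACL syntax)."""
    action, proto, *rest = line.split()
    src, rest = _addr(rest)
    dst, rest = _addr(rest)
    port = None
    if rest[:1] == ["eq"]:
        port = 21 if rest[1] == "ftp" else int(rest[1])
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport):
    """Return (entry_number, action) for the first match; no match = implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, line in enumerate(acl, 1):
        action, p, snet, dnet, port = parse_ace(line)
        if p in ("ip", proto) and s in snet and d in dnet and port in (None, dport):
            return n, action
    return None, "deny"

# Entries copied from the post.
ACLIN = ["permit tcp host 10.10.6.30 host 10.10.20.17 eq ftp"]
ACLOUT = ["permit tcp host 10.10.30.2 host 10.10.60.10 eq 3389",
          "permit tcp host 10.10.30.2 host 10.10.60.11 eq 3389"]
VLAN20OUT = ["permit ip any any",
             "deny ip 10.10.60.0 0.0.0.255 10.10.20.0 0.0.0.255",
             "permit tcp host 10.10.60.30 host 10.10.20.17 eq 21"]
# Constructed variant: the same three entries, most specific first.
REORDERED = [VLAN20OUT[2], VLAN20OUT[1], VLAN20OUT[0]]

if __name__ == "__main__":
    ftp = ("tcp", "10.10.60.30", "10.10.20.17", 21)       # assumed Machine1 -> Server1
    other = ("tcp", "10.10.60.10", "10.10.20.5", 445)     # constructed VLAN60 flow
    reply = ("tcp", "10.10.20.17", "10.10.60.30", 50000)  # constructed return packet
    for name, acl, pkt in [("ACLin", ACLIN, ftp), ("VLAN20out", VLAN20OUT, other),
                           ("reordered", REORDERED, other), ("ACLout", ACLOUT, reply)]:
        print(name, pkt, "->", evaluate(acl, *pkt))
```

The last case shows return packets from Server1 falling through to the implicit deny in ACLout on Vlan60. FTP data connections use a separate port from the control channel and would need their own entry.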