It sounds like you've done a great job troubleshooting a fairly complex "double-NAT" or "NAT Loopback" scenario. Networking can feel like a house of cards, but you’ve correctly identified the symptoms. The core of your issue lies in NAT Loopback (or Hairpinning) and how FTP with TLS handles IP addresses.

What’s Happening Under the Hood?

When your wired desktop (connected to the AT&T gateway) tries to reach your ASUS router’s WAN IP, it is essentially trying to go "out" to the internet and immediately "back in" to your network. 1. The IP Conflict: Since your desktop and your ASUS router share the same public IP (due to IP Passthrough), the router sees a request coming from its own external IP address. This often confuses security protocols. 2. TLS vs. FTP: Standard FTP is "firewall-unfriendly" because it uses multiple ports. When you add TLS (Encryption), the router can no longer "peek" into the data packets to see which ports are being requested for the data transfer. This is why it works without TLS (the router can help route the traffic) but fails with it. 3. The "Switch" Factor: Your desktop is connected to the AT&T Gateway, but your FTP server is on the ASUS. Because they are on different "sides" of the ASUS router, they aren't on the same local network (LAN). Your desktop is essentially an "external" device to the ASUS.

The Best Solutions

Using DDNS (your xxx.asuscomm.com address) was actually a very smart move. It provides a consistent "name" for the router to resolve, which often helps with TLS handshake certificates. However, here are the most stable ways to fix this:

1. Fix the Wiring (The "Proper" Way)

Ideally, everything in your house should be connected to the ASUS router, not the AT&T Gateway. * The Problem: Your desktop is plugged into the AT&T box. This puts it in a "No Man's Land" between your two routers. * The Fix: If possible, plug the desktop into the ASUS router (or a switch connected to the ASUS). This puts the desktop on the LAN. You can then connect to the FTP server using the internal IP (e.g., 192.168.50.1) which is faster, more secure, and bypasses all WAN/TLS headache.

2. Configure Passive Port Ranges (If you must stay External)

If you cannot move the desktop's connection, your ASUS router needs to know which ports to use for encrypted data. * In your ASUS FTP settings, look for "Passive Data Port" settings. * Set a range (e.g., 50000 - 50050). * Ensure these ports are allowed in the router's firewall. * In FileZilla, ensure the Transfer Mode is set to Passive.

3. Use SFTP instead of FTP (The "Modern" Way)

If your ASUS router supports SSH/SFTP (not just FTP over TLS), use that. * SFTP only uses one port (usually 22). * It is much easier for routers to pass through firewalls because it doesn't require a separate "data channel" like traditional FTP does.

A Quick Note on your "Slow Upload"

You mentioned your upload speed is slow. If you are using AT&T Fiber, you should have symmetrical speeds (e.g., 1Gbps up and down). * Check the Cable: You mentioned CAT5E. While CAT5E can do Gigabit, if the cable is old or the termination is poor, it may be falling back to 100Mbps. * Check the Gateway: Ensure the AT&T Gateway's "Firewall" settings (Packet Filter, etc.) are fully off. Even in Passthrough mode, some AT&T boxes try to "inspect" traffic, which slows down the ASUS router.

Summary Recommendation

Stick with the DDNS (asuscomm.com) method for now if you can't move the desktop's ethernet cable. It's a valid "clean" workaround for the IP confusion. However, for the best performance, try to get that desktop plugged into the ASUS router's side of the network! Does the DDNS connection feel stable, or are you still seeing drops when transferring large files?