Hi,
I'm having issue with doing tftp to device behind the firewall (ASA) even though I have allow tftp from outside. Here is the message I see on the console. ciscoasa/C2(config)# ciscoasa/C2(config)# ciscoasa/C2(config)# %ASA-6-302016: Teardown UDP connection 113 for Outside: 150.1.1.241/69 to Inside:1.1.4.2/64253 duration 0:02:18 bytes 80 %ASA-6-302016: Teardown UDP connection 114 for Outside:150.1.1.241/0 to Inside:1.1.4.2/64253 duration 0:02:19 bytes 0 %ASA-7-609002: Teardown local-host Outside:150.1.1.241 duration 0:06:04 Here is the message I see on the device where I'm trying to tftp R2#copy flash: tftp: Source filename []? IOSCA.ser Address or name of remote host []? 150.1.1.241 Destination filename [IOSCA.ser]? ..... %Error opening tftp://xx.1.1.xx/IOSCA.ser <ftp://150.1.1.241/IOSCA.ser> (Timed out) R2# Here is my ACL on ASA applied to outside interface ciscoasa/C2# sh run acc ciscoasa/C2# sh run access-l ciscoasa/C2# sh run access-list out access-list out extended permit icmp any any access-list out extended permit esp host 1.1.6.3 host 1.1.4.2 access-list out extended permit udp host 1.1.6.3 host 1.1.4.2 eq isakmp access-list out extended permit udp host 1.1.6.3 host 1.1.4.2 eq ntp access-list out extended permit udp host 1.1.3.1 host 1.1.4.2 gt 33434 access-list out extended permit udp host 1.1.6.3 host 1.1.4.2 gt 33434 access-list out extended permit udp host 1.1.6.4 host 1.1.4.2 eq isakmp access-list out extended permit esp host 1.1.6.4 host 1.1.4.2 access-list out extended permit udp any host 1.1.4.2 eq tftp it works without firewall.. (when bypassed the firewall)...?? Appreciate if someone can find the issue.. thanks
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
