Hi All,

My tftp server is 150.1.1.241 and the router which is trying to do tftp is 1.1.4.2, which is behind the ASA. I have already allowed udp any host 1.1.4.2 eq tftp

access-list out extended permit udp any host 1.1.4.2 eq tftp

Yes, I have a default route on 1.1.4.2 and when I ping from 1.1.4.2 to 150.1.1.241 it was successful.

On Sat, Feb 26, 2011 at 8:09 AM, kamran shakil <[email protected]> wrote:

> true! tftp is not added there in ACL.
>
> plus even if you are from inside or outside, there is no inspect also, so check
> the ACL permission only!
>
> On Sat, Feb 26, 2011 at 7:28 AM, Kingsley Charles <[email protected]> wrote:
>
>> You have not permitted 150.1.1.24? Do you have static rule for the tftp
>> server, if no, add permit statement for 150.1.1.241.
>>
>> With regards
>> Kings
>>
>> On Sat, Feb 26, 2011 at 3:18 AM, Pemasiri Devanarayana <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> I'm having an issue with doing tftp to a device behind the firewall (ASA) even
>>> though I have allowed tftp from outside. Here is the message I see on the
>>> console.
>>>
>>> ciscoasa/C2(config)#
>>> ciscoasa/C2(config)#
>>> ciscoasa/C2(config)# %ASA-6-302016: Teardown UDP connection 113 for Outside:150.1.1.241/69 to Inside:1.1.4.2/64253 duration 0:02:18 bytes 80
>>> %ASA-6-302016: Teardown UDP connection 114 for Outside:150.1.1.241/0 to Inside:1.1.4.2/64253 duration 0:02:19 bytes 0
>>> %ASA-7-609002: Teardown local-host Outside:150.1.1.241 duration 0:06:04
>>>
>>> Here is the message I see on the device where I'm trying to tftp
>>>
>>> R2#copy flash: tftp:
>>> Source filename []? IOSCA.ser
>>> Address or name of remote host []? 150.1.1.241
>>> Destination filename [IOSCA.ser]?
>>> .....
>>> %Error opening tftp://xx.1.1.xx/IOSCA.ser (Timed out)
>>> R2#
>>>
>>> Here is my ACL on ASA applied to outside interface
>>>
>>> ciscoasa/C2# sh run acc
>>> ciscoasa/C2# sh run access-l
>>> ciscoasa/C2# sh run access-list out
>>> access-list out extended permit icmp any any
>>> access-list out extended permit esp host 1.1.6.3 host 1.1.4.2
>>> access-list out extended permit udp host 1.1.6.3 host 1.1.4.2 eq isakmp
>>> access-list out extended permit udp host 1.1.6.3 host 1.1.4.2 eq ntp
>>> access-list out extended permit udp host 1.1.3.1 host 1.1.4.2 gt 33434
>>> access-list out extended permit udp host 1.1.6.3 host 1.1.4.2 gt 33434
>>> access-list out extended permit udp host 1.1.6.4 host 1.1.4.2 eq isakmp
>>> access-list out extended permit esp host 1.1.6.4 host 1.1.4.2
>>> access-list out extended permit udp any host 1.1.4.2 eq tftp
>>>
>>> It works without the firewall (when the firewall is bypassed)...??
>>>
>>> Appreciate if someone can find the issue.
>>>
>>> thanks
>>>
>>> _______________________________________________
>>> For more information regarding industry leading CCIE Lab training, please
>>> visit www.ipexpert.com
