Unanswered Question
Aug 13th, 2007

i have a new asa 5505 and i am wanting to update the asdm and asa and I am able to ping the inside address, but i am not able to ping my tftp server when it is getting the ip from the asa.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Jon Marshall Tue, 08/14/2007 - 05:47


Is the tftp server on the same subnet as the inside interface of the ASA ?. If not does the ASA have a route to the tftp server subnet ?


jkuehl Tue, 08/14/2007 - 07:25

the tftp server is getting a dhcp ip from the ASA. when i try and ping from the inside to that Ip it is not being found. to answer your question, yes the subnet's are the same.

jkuehl Tue, 08/14/2007 - 08:53

I entered that command. I am still unable to ping my TFTP server

jkuehl Tue, 08/14/2007 - 10:15

It has been done and I am still not able to ping from the inside interface to my TFTP server

rigoberto.cintr... Tue, 08/14/2007 - 10:21

I just notice that in your config there is no Ethernet interface assign to vlan1 that is your inside

jkuehl Tue, 08/14/2007 - 10:47

by default all my ethernet interfaces are part of VLAN 1, it just doesn't show up in the config. If I go in to the asdm, under interfaces i see that all are joined to VLAN 1.

rigoberto.cintr... Tue, 08/14/2007 - 13:11

Did you copy the config from another pix/asa dumped in this asa?

There is no ip in the outside interface, there is an IPSec tunnel, multiple telnet, http and ssh hosts in outside and then an ssh any outside. There is no acl apply in the inside but there is an acl apply to the outside allowing anything.

Try this, if doesn't then try erasing the config and start over.

access-list inside_access_in extended permit ip any any

access-group inside_access_in in interface inside

jkuehl Tue, 08/14/2007 - 16:39

I dumped everything from the other asa from the start. I took off the outside IP since this will be using a different static IP. The other asa is working fine, but this asa is not allowing the ping from inside to any of the ethernet interfaces. I am leaning towards erasing and starting over from stratch.

jkuehl Wed, 08/15/2007 - 16:58

i set the ASA back to the factory default and loaded everything from the ASA that was working. I am able to get out to the internet, but still not able to ping hosts from the inside interface. On the other ASA I am able to ping and I am using the same config. Any ideas before I open a TAC case.

jkuehl Thu, 08/16/2007 - 06:47

No, just reloaded the ASA and then copied the config through hyper terminal once it finished.


This Discussion