08-13-2007 06:30 PM - edited 03-11-2019 03:57 AM
i have a new asa 5505 and i am wanting to update the asdm and asa and I am able to ping the inside address, but i am not able to ping my tftp server when it is getting the ip from the asa.
08-14-2007 05:47 AM
Hi
Is the tftp server on the same subnet as the inside interface of the ASA ?. If not does the ASA have a route to the tftp server subnet ?
Jon
08-14-2007 07:25 AM
the tftp server is getting a dhcp ip from the ASA. when i try and ping from the inside to that Ip it is not being found. to answer your question, yes the subnet's are the same.
08-14-2007 07:29 AM
Put this in the ASA and let me know if you can ping
icmp permit any inside
08-14-2007 08:53 AM
I entered that command. I am still unable to ping my 192.168.1.2 TFTP server
08-14-2007 09:10 AM
Can you post your ASA config?
08-14-2007 09:26 AM
08-14-2007 09:39 AM
Try remove the management-only from vlan 1
interface Vlan1
no management-only
08-14-2007 10:15 AM
It has been done and I am still not able to ping from the inside interface to my TFTP server
08-14-2007 10:21 AM
I just notice that in your config there is no Ethernet interface assign to vlan1 that is your inside
08-14-2007 10:47 AM
by default all my ethernet interfaces are part of VLAN 1, it just doesn't show up in the config. If I go in to the asdm, under interfaces i see that all are joined to VLAN 1.
08-14-2007 11:32 AM
The TFTP server is connected in the ASA?
08-14-2007 12:51 PM
yes, tftp server is plugged into ethernet 0/1
08-14-2007 01:11 PM
Did you copy the config from another pix/asa dumped in this asa?
There is no ip in the outside interface, there is an IPSec tunnel, multiple telnet, http and ssh hosts in outside and then an ssh any outside. There is no acl apply in the inside but there is an acl apply to the outside allowing anything.
Try this, if doesn't then try erasing the config and start over.
access-list inside_access_in extended permit ip any any
access-group inside_access_in in interface inside
08-14-2007 04:39 PM
I dumped everything from the other asa from the start. I took off the outside IP since this will be using a different static IP. The other asa is working fine, but this asa is not allowing the ping from inside to any of the ethernet interfaces. I am leaning towards erasing and starting over from stratch.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: