TFTP from ASA directly not working

Feb 7th, 2009

Dear all,

I am speaking for a friend whose problem I heard about in the last few days.

He installed a new location and the VPN is working well. From the clients in the local LAN he can connect to the TFTP server in the headquarters, but when he is on the ASA via SSH (connected to the internal IP) he can't connect to the TFTP server. A traceroute routed him directly to the WAN and not into the VPN tunnel.

He configured this ASA so that all traffic should go into the VPN tunnel.

But from the ASA itself it does not, and he can't reach the TFTP server in the headquarters.

Any idea?

Thanks in advance


Richard Burts Sun, 02/08/2009 - 16:10


The ASA uses an access list to identify traffic that should be protected by IPSec and sent through the VPN tunnel. The symptoms that you describe sound like the traffic generated by the ASA itself (TFTP from ASA to headquarters) is not included in that access list. If he wants the TFTP traffic from the ASA to go through the VPN tunnel, he should add an entry in that access list which permits TFTP from the ASA to the server.
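
An added illustration of the answer above (not code from the thread or from Cisco): a small Python model of how a crypto access list selects traffic for the tunnel, showing why a LAN client's TFTP is protected while the ASA's own is not until an entry covers it. The addresses, the ACL name `VPN-HQ`, and the assumption that ASA-originated traffic is sourced from the outside interface address are constructed for the example.

```python
import ipaddress

PORTS = {"tftp": 69}

def parse_ace(line):
    """Parse 'access-list NAME extended permit|deny PROTO SRC DST [eq PORT]'."""
    tok = line.split()
    action, proto, rest = tok[3], tok[4], tok[5:]

    def take_addr(t):
        if t[0] == "any":
            return ipaddress.ip_network("0.0.0.0/0"), t[1:]
        if t[0] == "host":
            return ipaddress.ip_network(t[1] + "/32"), t[2:]
        return ipaddress.ip_network(f"{t[0]}/{t[1]}"), t[2:]  # address + netmask

    src, rest = take_addr(rest)
    dst, rest = take_addr(rest)
    port = None
    if rest[:1] == ["eq"]:
        port = PORTS.get(rest[1]) or int(rest[1])
    return action, proto, src, dst, port

def protected(acl_lines, proto, src, dst, dport):
    """True if the flow is selected for IPsec. First match wins; no match = not protected."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, a_proto, a_src, a_dst, a_port in map(parse_ace, acl_lines):
        if a_proto in ("ip", proto) and s in a_src and d in a_dst and a_port in (None, dport):
            return action == "permit"
    return False

# Constructed sample values (not from the thread).
ASA_OUTSIDE, LAN_CLIENT, TFTP_SERVER = "203.0.113.2", "192.168.10.25", "10.1.0.50"
LAN_ONLY = ["access-list VPN-HQ extended permit ip 192.168.10.0 255.255.255.0 10.1.0.0 255.255.0.0"]
# Added entry for traffic the ASA itself originates (assumed sourced from the outside address).
# No 'eq tftp': after the first request to port 69 a TFTP transfer continues on ephemeral ports.
WITH_ASA = LAN_ONLY + ["access-list VPN-HQ extended permit udp host 203.0.113.2 host 10.1.0.50"]

if __name__ == "__main__":
    for name, acl in (("LAN only", LAN_ONLY), ("with ASA entry", WITH_ASA)):
        for who, src in (("LAN client", LAN_CLIENT), ("ASA itself", ASA_OUTSIDE)):
            verdict = "tunnel" if protected(acl, "udp", src, TFTP_SERVER, 69) else "clear, out the WAN"
            print(f"{name:15} {who:10} -> {verdict}")
```

The headquarters end needs the mirrored entry in its own crypto access list, otherwise the two peers will not agree on the protected traffic.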



Sebastian Helmer Thu, 02/12/2009 - 21:57

The problem was a security policy, and the fact that the traffic from the ASA itself will be handled as traffic from the LAN.

