Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

TFTP problem via ASA 7.2(4)

Hi everyone

I have a tftp server on my local network and devices based on remote sites. Between the two networks I have a firewall, ASA 7.2(4), routers and a MPLS VPN network. When the devices try to pull the image from the tftp server, the connection times out (on a sniffer I can see packets with error code: unkown transfer ID). I have tftp inspect rule set up, but doesn't seem to have solved the problem. Anyone any ideas?

Cisco Employee

Re: TFTP problem via ASA 7.2(4)

Since tftp uses udp it is best effort only. I'd suggest using a PC local to where ever you need it and not let the traffic traverse multiple layer 3 devices which may also be NAT devices.  ASA firewall (if address translation happens) may drop these packets if you do not have inspect tftp.

You need to provide static address translation for this tftp server IP address.

- check the syslogs on the ASA

- collect captures on the ASA

- captues on the tftp server itself

- make sure tftp works locally in the segment where tftp server is located.

- make sure tftp works from the host right outside the ASA.

- You just have to go one hop away and keep testing until it fails and determine why it fails.

You can refer this link for error codes:


New Member

Re: TFTP problem via ASA 7.2(4)


I think I've come to the bottom of this, though I still don't have a solution. Basically what happens is that the TFTP data blocks of packets are big, the client sends another ACK0 with different transfer ids, unknown to the TFTP server which triggers a code error 5 and closes the connection.

The packets carry 1496 bytes of data and have to traverse IPsec GRE tunnels before reaching the destination. Any ideas on how I could speed this up?

CreatePlease login to create content