Trying to set up a conduit to a statically configured inside/outside address, using:
conduit permit udp host (External Address) eq tftp any
I can attach to the internal address and download a file via tftp from the inside (using a laptop configured with an internal address), but when I try to download the file from the outside (same laptop connected to our external network with an external address) I always receive a timeout. I can hit the www port with the web browser but not the tftp with a tftp client. If this is possible, how can I do it? I am trying to set up automatic client updates for my VPN 3002 clients and it is not working.
Certainly should be possible, but it's hard to tell with the info you've given. Is the static a one-to-one static or a port static? Is the WWW port that is working associated with the same static and therefore the same internal server?
What does the PIX syslog show when you try to start a TFTP connection? That'll give you the most information about what's going on.
The configured static is a single external to single internal IP address translation with a conduit permit over the top allowing tftp into the port (external address in the command for conduit permit). The www site is on the same internal server as tftp.
Example: external address is 126.96.36.199, internal address is 192.168.200.111 (not my actual IPs, using bogus ones)
conduit permit udp host 188.8.131.52 eq tftp any
No other translations to either of these addresses.
Okay now new info.
I was able to connect to the tftp while direct connecting to the outside network with a laptop but not from behind the VPN 3002 translation (split tunneling enabled). Probably something to do with translation of ports below 1024. The 3002 was what I wanted to tftp to for update. It would start the connection to the external tftp server address and act like it was going to download but never actually started the transfer. Know this from server log.
I then decided to change the tftp address in the autoupdate on the main concentrator to point to the internal address of the tftp server, which was reachable after the tunnel was established. The VPN 3002 was able to pull the file from the tftp server and update itself. Thanks for your help.