
need help with pix and tftp

controlcircle
Level 1

Hi thanks for looking...

When trying to tftp copy from a PIX 515E device to a tftp server, the traffic is sent on interface 1 instead of interface 3, thus the connection times out because the tftp server cannot be located. However, pinging the tftp server is always successful.

The error message I'm getting is as follows:

[command entered]

PIX-FO# write net 192.168.176.2:tftp-354.47034

[result]

Building configuration...

TFTP write 'tftp-354.47034' at TRIPFIRE on interface 1

Timed out attempting to connect

[FAILED]

[ip route table]

outside 0.0.0.0 0.0.0.0 80.64.51.65 1 OTHER static

inside 10.1.1.0 255.255.255.0 10.1.1.254 1 CONNECT static

intf2 10.1.2.0 255.255.255.0 10.1.2.254 1 CONNECT static

outside 80.64.51.64 255.255.255.240 80.64.51.68 1 CONNECT static

intf3 192.168.150.0 255.255.255.0 192.168.150.254 1 CONNECT static

intf3 192.168.171.104 255.255.255.255 192.168.150.1 1 OTHER static

intf3 192.168.172.1 255.255.255.255 192.168.150.1 1 OTHER static

intf3 TRIPFIRE 255.255.255.255 192.168.150.1 1 OTHER static

thanks in advance for any help or pointers.

8 Replies

a.kiprawih
Level 7

What's your tftp config? It should be more or less like below:

tftp-server inside /

This will make your PIX save the config (when you issue the write net command) to the tftp server located on interface 1 (the inside interface). The '/' is a default where the PIX will just send it to the directory set in your TFTP server.

Rgds,

AK

thanks for replying AJ the tftp config is...

tftp-server inside 192.168.176.2 tftp-354.47034

where the file name is tftp-354.47034 stored in the root folder of the tftp directory

by the way at one stage I was also getting the error...

Begin configuration: console writing to tftp

No route to 192.168.176.2 from 10.1.1.254

Hi,

By specifying the command "tftp-server inside 192.168.176.2 tftp-354.47034", the PIX will look for the tftp-server to be located in the inside network.

Is this correct for your setup?

As you have stated in your original post, if the tftp-server is located in interface 3, then you have to specify the name of the interface 3 in the "tftp-server" command.

"tftp-server 192.168.176.2"

The above command will set the tftp server IP and also specify that the tftp server is located in the interface specified by you.

Now when you issue a write net command, issue it as follows:

write net :/tftp-354.47034

In the above command the ":" will take the values that you have configured via the tftp-server command. We are only providing the path and the filename.

Here's the url for more information on this.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008072142a.shtml#write

Hope this helps.

-VJ

thanks VJ and AJ

yes that is correct for my setup, I am trying to tftp on interface3 which is on the inside. I run the command as you suggested

write net intf3 192.168.176.2:/tftp-354.47034

(where intf3 is interface3) and I get the following error....

PIX-FO# write net intf3 192.168.176.2:/tftp-354.47034

Building configuration...

[FAILED]

here is the route table,

PIX-FO# sh route

outside 0.0.0.0 0.0.0.0 80.64.51.65 1 OTHER static

inside 10.1.1.0 255.255.255.0 10.1.1.254 1 CONNECT static

intf2 10.1.2.0 255.255.255.0 10.1.2.254 1 CONNECT static

outside 80.64.51.64 255.255.255.240 80.64.51.68 1 CONNECT static

intf3 192.168.150.0 255.255.255.0 192.168.150.254 1 CONNECT static

intf3 192.168.171.104 255.255.255.255 192.168.150.1 1 OTHER static

intf3 192.168.172.1 255.255.255.255 192.168.150.1 1 OTHER static

intf3 TRIPWIRE 255.255.255.255 192.168.150.1 1 OTHER static

and ip table

ip address outside 80.64.51.68 255.255.255.240

ip address inside 10.1.1.254 255.255.255.0

ip address intf2 10.1.2.254 255.255.255.0

ip address intf3 192.168.150.254 255.255.255.0

thanks

How's the routing to your internal tftp server?

The error message indicates that the tftp server was unreachable due to routing not available (no route to ....).

Can you post the IP address & routing portion of your PIX?

ignore the no route to error, it no longer applies, I have listed my ip and route table in my previous post...

thnx

Hello, if you are sure you have the routing okay, because at the top you write TRIPFIRE and a bit further down TRIPWIRE as a static host route for your TFTP server, I can only see three problems:

1) Try the command without a slash that is:

write net 192.168.176.2:thenameofthefileonthetftpserver

2) Or, some tftp-servers require that there actually exists a file with the correct name before you download it from the PIX

3) Or, the filename on the tftp-server is wrong.

Best Regards

To clarify:

I have tested the commands:

write net 10.10.10.1:testfile

and

write net 10.10.10.1:/testfile

and they both work.

I tested against the 3COM 3CServer. It only complains when I try to overwrite an existing file. But I know that FreeBSD requires there to be an existing file on the tftp-server before downloading.

Best Regards
