09-04-2006 04:07 AM - edited 02-21-2020 01:09 AM
Hi thanks for looking...
When trying to tftp copy from a pix 515e device to a tftp server the traffic is sent on interface 1 instead of interface 3 thus the connection times out because tftp server can't not be located. Hoewever pinging the tftp server is always successful.
The error message I'm getting is as follows:
[command entered]
PIX-FO# write net 192.168.176.2:tftp-354.47034
[result]
Building configuration...
TFTP write 'tftp-354.47034' at TRIPFIRE on interface 1
Timed out attempting to connect
[FAILED]
[ip route table]
outside 0.0.0.0 0.0.0.0 80.64.51.65 1
OTHER static
inside 10.1.1.0 255.255.255.0 10.1.1.254
1 CONNECT static
intf2 10.1.2.0 255.255.255.0 10.1.2.254 1
CONNECT static
outside 80.64.51.64 255.255.255.240
80.64.51.68 1 CONNECT static
intf3 192.168.150.0 255.255.255.0
192.168.150.254 1 CONNECT static
intf3 192.168.171.104 255.255.255.255
192.168.150.1 1 OTHER static
intf3 192.168.172.1 255.255.255.255
192.168.150.1 1 OTHER static
intf3 TRIPFIRE 255.255.255.255
192.168.150.1 1 OTHER static
thanks in advance for any help or pointers.
09-04-2006 06:26 AM
What's your tftp config? It should be more or less like below:
tftp-server inside
This will make your PIX to save the config (when you issue write net command) to the tftp server located on the interface 1 (inside interface). The '/' is a default where PIX will just send it to the directory set in your TFTP Server.
Rgds,
AK
09-05-2006 01:18 AM
thanks for replying AJ the tftp config is...
tftp-server inside 192,168.176.2 tftp-354.47034
where the file name is tftp-354.47034 stored in the root folder of the tftp directory
by the way at one stage I was also getting the error...
Begin configuration: console writing to tftp
No route to 192.168.176.2 from 10.1.1.254
09-05-2006 02:13 AM
Hi,
By specifying the command "tftp-server inside 192.168.176.2 tftp-354.47034",
the pix will look for tftp-server to be located in the inside network.
Is this correct for your setup.
As you have stated in your original post, if the tftp-server is located in interface 3, then you have to specify the name of the interface 3 in the "tftp-server" command..
"tftp-server
The above command will set the tftp server ip also specify that the tftp server is located in the interface specified by you.
Now when you issue a write net command, issue it as follows
write net :/tftp-354.47034
In the above command the ":" will take the values that you have configured via the tftp-server command. We are only providing the path and the filename.
Here's the url for more information on this.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008072142a.shtml#write
Hope this helps.
-VJ
09-05-2006 07:12 AM
thanks VJ and AJ
yes that is correct for my setup, I am trying to tftp on interface3 which is on the inside. I run the command as you suggested
write net intf3 192.168.176.2:/tftp-354.47034
(where intf3 is interface3) and I get the following error....
PIX-FO# write net intf3 192.168.176.2:/tftp-354.47034
Building configuration...
[FAILED]
here is the route table,
PIX-FO# sh route
outside 0.0.0.0 0.0.0.0 80.64.51.65 1 OTHER static
inside 10.1.1.0 255.255.255.0 10.1.1.254 1 CONNECT static
intf2 10.1.2.0 255.255.255.0 10.1.2.254 1 CONNECT static
outside 80.64.51.64 255.255.255.240 80.64.51.68 1 CONNECT static
intf3 192.168.150.0 255.255.255.0 192.168.150.254 1 CONNECT static
intf3 192.168.171.104 255.255.255.255 192.168.150.1 1 OTHER static
intf3 192.168.172.1 255.255.255.255 192.168.150.1 1 OTHER static
intf3 TRIPWIRE 255.255.255.255 192.168.150.1 1 OTHER static
and ip table
ip address outside 80.64.51.68 255.255.255.240
ip address inside 10.1.1.254 255.255.255.0
ip address intf2 10.1.2.254 255.255.255.0
ip address intf3 192.168.150.254 255.255.255.0
thanks
09-05-2006 04:35 AM
How's the routing to your internal tftp server?
The error message indicate that the tftp server
was unreachable due to routing not available (no route to ....).
Can you post the IP address & routing portion of your PIX?
09-05-2006 07:59 AM
ignore the no route to error, it no longer applies, I have listed my ip and route table in my previous post...
thnx
09-07-2006 04:38 AM
Hello, If you are sure you have the routing okey, because at the top you write TRIPFIRE and a bit futher down TRIPWIRE as a static hostroute for your TFTP-server, I can only see three problems:
1) Try the command without a slash that is:
write net 192.168.176.2:thenameofthefileonthetftpserver
2) Or, some tftp-servers require that there actually exsists a file with the correct name before you download it from the PIX
3) Or, the filename on the tftp-server is wrong.
Best Regards
09-07-2006 04:54 AM
To clarify:
I have tested the commands:
write net 10.10.10.1:testfile
and
write net 10.10.10.1:/testfile
and they both work.
I tested against the 3COM 3CServer. It only complains when I try to overwrite an existing file. But I know that FREEBSD require there to be an existing file on the tftp-server before downloading.
Best Regards
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: