Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

TFTP from asa directly not working

Dear all,

i spoke for a friend which problem i heard in the last days.

he installed a new location and the vpn is woking well, from the cleints in the local lan he can connect the tftp server in the headquater. but when he is on the asa via ssh (connected to the internal IP) he can't connect the tftp. a traceroute routed him directly to the WAN and not into the vpn tunnel..

he configred this asa that very traffic should go into the vpn tunnel.

But from the asa itself he do it not and can't reach the tfp in the headquater.

any idea?

thanks in advance


Hall of Fame Super Gold

Re: TFTP from asa directly not working


The ASA uses an access list to identify traffic that should be protected by IPSec and sent through the VPN tunnel. The symptoms that you describe sound like that traffic generated by the ASA itself (TFTP from ASA to headquarters) is not included in that access list. If he wants the TFTP traffic from the ASA to go through the VPN tunnel he should add an entry in that access list which permits TFTP from the ASA to the server.



Re: TFTP from asa directly not working

The problem, was a security policy and the thing, that the traffic from the asa its own will be handled as the traffic from the LAN.

CreatePlease to create content