Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
512
Views
3
Helpful
2
Replies

TFTP from asa directly not working

Sebastian Helmer
Level 5
Level 5

‎02-07-2009 01:01 AM - edited ‎02-21-2020 03:16 AM

Dear all,

i spoke for a friend which problem i heard in the last days.

he installed a new location and the vpn is woking well, from the cleints in the local lan he can connect the tftp server in the headquater. but when he is on the asa via ssh (connected to the internal IP) he can't connect the tftp. a traceroute routed him directly to the WAN and not into the vpn tunnel..

he configred this asa that very traffic should go into the vpn tunnel.

But from the asa itself he do it not and can't reach the tfp in the headquater.

any idea?

thanks in advance

Sebastian

0 Helpful
2 Replies 2

Richard Burts
Hall of Fame
Hall of Fame

‎02-08-2009 04:10 PM

Sebastian

The ASA uses an access list to identify traffic that should be protected by IPSec and sent through the VPN tunnel. The symptoms that you describe sound like that traffic generated by the ASA itself (TFTP from ASA to headquarters) is not included in that access list. If he wants the TFTP traffic from the ASA to go through the VPN tunnel he should add an entry in that access list which permits TFTP from the ASA to the server.

HTH

Rick

HTH

Rick

Sebastian Helmer
Level 5
Level 5
In response to Richard Burts

‎02-12-2009 09:57 PM

The problem, was a security policy and the thing, that the traffic from the asa its own will be handled as the traffic from the LAN.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card