02-07-2009 01:01 AM - edited 02-21-2020 03:16 AM
Dear all,
I am speaking for a friend whose problem I heard about in the last few days.
He installed a new location and the VPN is working well; from the clients in the local LAN he can connect to the TFTP server in the headquarters. But when he is on the ASA via SSH (connected to the internal IP) he can't connect to the TFTP server. A traceroute routed him directly to the WAN and not into the VPN tunnel.
He configured this ASA so that all traffic should go into the VPN tunnel.
But from the ASA itself it does not, and he can't reach the TFTP server in the headquarters.
Any idea?
Thanks in advance
Sebastian
02-08-2009 04:10 PM
Sebastian
The ASA uses an access list to identify traffic that should be protected by IPSec and sent through the VPN tunnel. The symptoms that you describe sound like traffic generated by the ASA itself (TFTP from ASA to headquarters) is not included in that access list. If he wants the TFTP traffic from the ASA to go through the VPN tunnel he should add an entry in that access list which permits TFTP from the ASA to the server.
HTH
Rick
02-12-2009 09:57 PM
The problem was a security policy, and the fact that the traffic from the ASA itself will be handled as the traffic from the LAN.