I have an L2L ipsec tunnel between two of our production environments.
On one device, a Fortigate, we have our main network where my workstation resides. The other device, an ASA 5505, is where I am trying to (via the CLI) tftp to my workstation (running a tftp server).
On my ASA 5505 via CLI, I tried to perform a tftp session with my workstation. Reviewing the live log in the ASDM, I noticed that it was not using the tunnel to get to my address.
What I do not understand is that if I ping my workstation from a workstation behind the network of the ASA, it is successful. When I ping via the CLI in the ASA, I have to specifically add that it uses the "internal" interface.
Furthermore, I set up a static route to the network where my workstation resides and used the ASA's "inside" interface as the gateway (this is what our workstations in the ASA network use). Yet, this still didn't work.
Can anyone give me pointers on how to ensure I can tftp to my network behind the Fortigate?
The issue here is the ASA is using its outside interface as the source address. This address most likely is not defined as interesting traffic for the VPN tunnel. Adding this address to the crypto ACL should solve your issue. I assume you will also need to add the traffic to the Fortigate device.
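The reply's point about interesting traffic can be modelled as follows. This is an added example, not part of the original thread: it parses ASA-style crypto ACL lines and checks which source addresses are selected for the tunnel. The ACL name `L2L_CRYPTO` and every address are constructed assumptions (ASA inside LAN 192.168.10.0/24, ASA outside IP 203.0.113.2, Fortigate LAN 10.20.0.0/24).

```python
import ipaddress

# Constructed sample config; names and addresses are assumptions, not from the thread.
ORIGINAL_ACL = (
    "access-list L2L_CRYPTO extended permit ip "
    "192.168.10.0 255.255.255.0 10.20.0.0 255.255.255.0"
)
# Same ACL plus an entry for the ASA's own outside address, as the reply suggests.
FIXED_ACL = ORIGINAL_ACL + (
    "\naccess-list L2L_CRYPTO extended permit ip "
    "host 203.0.113.2 10.20.0.0 255.255.255.0"
)

def parse_selector(tokens):
    """Consume one ASA address selector; return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # "<network> <netmask>" form
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_crypto_acl(text):
    """Parse 'access-list NAME extended permit|deny ip SRC DST' lines."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[2] != "extended" or t[4] != "ip":
            continue  # skip anything that is not an extended IP entry
        src, rest = parse_selector(t[5:])
        dst, _ = parse_selector(rest)
        entries.append((t[3], src, dst))
    return entries

def is_interesting(entries, src_ip, dst_ip):
    """First match wins; no match is an implicit deny, so the packet is not tunnelled."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src, dst in entries:
        if s in src and d in dst:
            return action == "permit"
    return False

if __name__ == "__main__":
    for label, acl in (("original", ORIGINAL_ACL), ("fixed", FIXED_ACL)):
        entries = parse_crypto_acl(acl)
        for src in ("192.168.10.25", "203.0.113.2"):  # inside host, ASA outside IP
            print(label, src, "->", is_interesting(entries, src, "10.20.0.50"))
```

With the original ACL only the inside host is selected, which matches the behaviour described in the question: hosts behind the ASA reach the workstation, while traffic sourced from the ASA itself does not use the tunnel.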