There is no statement in access list 101 that permits TFTP. And access list 101 has deny ip any any at its bottom. As you may remember in access lists that end with deny ip any any, any thing that is not permitted is denied.
So yes your access list is denying the TFTP traffic.
In your original post you say:"The user cant tftp to our local server 192.168.117.29" and this led me to assume that the user was remote. Now you seem to be saying that the user is local. Perhaps I need to ask you for clarification about the topology. Where is the user (and what address) and what address receives the request from the user? Where is the server?
Also it would be helpful to know if the user request is received as part of a VPN session or what?
In your original post you identify the TFTP server as 192.168.117.29. and in this post you identify it as 192.168.117.26. This inconsistency is confusing.
In the config that you post the only mention of 192.168.117 is a permit statement in the access list. The network does not appear to be a connected interface and there is no route statement to that network. Either this is the issue or you are providing such incomplete information that I will not be able to provide any further assistance with this.
This document gives several answers on frequently asked questions for PFRv3 channel state behavior.
Q1: What are all the channel operational states from a BR (border role) perspective and what are the rules/conditions to be in each st...
The need was to reach an host inside a LAN through a VPN connection managed by the LAN gateway (Cisco 1921).
The LAN gateway performs NAT and there was a dedicate nat rule for the host i wanted to reach through VPN.
I couldn't connect to the hos...