I believe the basic issue is that by default the TFTP packets are sent using the source address of the outbound interface (in this case Ethernet 1). Since you did not include the crypto map in the posting we cannot tell whether that traffic is included in the IPSec tunnel but I am guessing that it is not. The other part of the issue is that interface Ethernet 1 has inbound access list 102. This access list permits some NTP, some DNS, IPSec and traffic from 10.0.0.0 to 10.0.0.128. But it has no permit for non-IPSec with destination address of 188.8.131.52 and I believe this includes tftp.
I believe there is an easy solution. If you include this in the config:
ip tftp source-interface ethernet 0
this will source the tftp from the ethernet 0 interface. I believe the return traffic will be permitted if it is sourced from ethernet 0.
Thanks for the reply. That indeed resolved the problem. I figured the problem was that tftp was using Eth1 for the source address, which was why I suspected my ACLs. I also figured there had to be a way to specify TFTP to use a different source address.
This is actually a pretty cool feature, I didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisement does.
I have a question. I bought a Cisco 887VA-k9 router and configured it with the configuration below.
If I connect it directly to my laptop on one of its ports, it works and everything is fine (the Internet connection + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.