Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > pix question regarding configs and tftp

Reply
Thread Tools

pix question regarding configs and tftp

 
 
John Smith
Guest
Posts: n/a
 
      03-31-2005
is there a pix equivalent to the router IOS command "copy tftp start"?
v.6.3(4)

it seems that you can't tftp a config *to* the pix, only *from* the pix.
am i wrong?

TIA
 
Reply With Quote
 
 
 
 
Mathias Gaertner
Guest
Posts: n/a
 
      03-31-2005

you are wrong

enable-mode
config terminal
config net tftp-srvaddrath

See online-help:
pixfirewall(config)# conf net ?
Usage: configure [terminal|floppy|memory]
configure \
http[s]://[<user>:<password>@]<location>[:<port>]/<pathname>
configure net [<location>]:[<pathname>]
configure factory-default [<inside_ip> [<mask>]]
clear configure [primary|secondary|all]


Mathias
John Smith schrieb:
> is there a pix equivalent to the router IOS command "copy tftp start"?
> v.6.3(4)
>
> it seems that you can't tftp a config *to* the pix, only *from* the pix.
> am i wrong?
>
> TIA


--
CCIE #11220
Everything written is MY opinion only, not the one of my company or
employer unless otherwise noted

The early bird gets the worm, but the second mouse gets the cheese

My signature is certified by Fraunhofer Society.
The root-ca IS trusted but the browser-manufacturers want big $ to have
it included
 
Reply With Quote
 
 
 
 
John Smith
Guest
Posts: n/a
 
      03-31-2005
cool - thanks....

On Thu, 31 Mar 2005 16:44:00 +0200, Mathias Gaertner wrote:

>
> you are wrong
>
> enable-mode
> config terminal
> config net tftp-srvaddrath
>
> See online-help:
> pixfirewall(config)# conf net ?
> Usage: configure [terminal|floppy|memory]
> configure \
> http[s]://[<user>:<password>@]<location>[:<port>]/<pathname>
> configure net [<location>]:[<pathname>]
> configure factory-default [<inside_ip> [<mask>]]
> clear configure [primary|secondary|all]
>
>
> Mathias
> John Smith schrieb:
>> is there a pix equivalent to the router IOS command "copy tftp start"?
>> v.6.3(4)
>>
>> it seems that you can't tftp a config *to* the pix, only *from* the pix.
>> am i wrong?
>>
>> TIA


 
Reply With Quote
 
Walter Roberson
Guest
Posts: n/a
 
      03-31-2005
In article <(E-Mail Removed)>,
John Smith <(E-Mail Removed)> wrote:
:is there a pix equivalent to the router IOS command "copy tftp start"?
:v.6.3(4)

No.


:it seems that you can't tftp a config *to* the pix, only *from* the pix.
:am i wrong?

In PIX thru 6.x, there is only the equivilent of "copy tftp running".
That is, you can tftp something in, but as it gets tftp'd, it will
*line by line* get processed and make changes -- and if those
changes happen to clobber the link to the tftp server, you only
have until the end of the current tftp block (512 byte boundaries)
to get the link re-established your your session is gone.

You should see the hoops I've had to jump through to tftp in
a new configuration from a remote server over a VPN link.
(I don't have access to systems at the remote end to temporarily
store the configuration on for non-VPN access, and the ISP-
equivilent blocks plain tftp so I can't just turn off the VPN
link long enough to upload the new config... I have to keep
the VPN stable while I change it!)
--
Usenet is like a slice of lemon, wrapped around a large gold brick.
 
Reply With Quote
 
d8da
Guest
Posts: n/a
 
      04-01-2005
what version of tftp is being used? I am trying to tftp from a server
attached to the pix concole port. i am using tftpd32. I can not seem to
get the config from the pix to the server, much less get the
path/filename correct.

Any help with that?

 
Reply With Quote
 
Walter Roberson
Guest
Posts: n/a
 
      04-01-2005
In article <(E-Mail Removed) .com>,
d8da <(E-Mail Removed)> wrote:
:what version of tftp is being used? I am trying to tftp from a server
:attached to the pix concole port.

Do you mean that literally? The PIX console port is a serial port
*only*. You have to attach to one of the ethernet interfaces,
and you have to give the interface an IP address and subnet,
and you have to configure the 'tftp-server' command (if you know
the shortcuts you can skip that step -provided- your server
is connected to the 'inside' interface.)
--
Usenet is like a slice of lemon, wrapped around a large gold brick.
 
Reply With Quote
 
d8da
Guest
Posts: n/a
 
      04-01-2005
no, I am connected from the PIX to my server via the blue cable that
connects to the server serial port. this is how I get to the pdm. And
from the pdm I set the IP of the server 192.168.0.3 and the path,
c:\tools\tftp. But when I use the PDM to save the config, it gives me
access denied messages. How am I supposed to set the correct path and
filename?

 
Reply With Quote
 
Walter Roberson
Guest
Posts: n/a
 
      04-01-2005
In article <(E-Mail Removed) .com>,
d8da <(E-Mail Removed)> wrote:
:c:\tools\tftp. But when I use the PDM to save the config, it gives me
:access denied messages. How am I supposed to set the correct path and
:filename?

It is common (but not universal) that tftp daemons require that
the destination filename exist before it will allow writing to the
file. This is a security measure.

Also, tftp daemons only allow writing to directories they have been
configured to allow writing to.

I am not familiar with your particular tftp daemon, so I do not know
what specific steps are needed to configure it.
--
History is a pile of debris -- Laurie Anderson
 
Reply With Quote
 
d8da
Guest
Posts: n/a
 
      04-09-2005
Thanks for the reply. Can you send the exact tftp server you use and
the commands? Please?

 
Reply With Quote
 
Walter Roberson
Guest
Posts: n/a
 
      04-09-2005
In article <(E-Mail Removed). com>,
d8da <(E-Mail Removed)> wrote:
:Thanks for the reply. Can you send the exact tftp server you use and
:the commands? Please?

The only tftp servers that I have had experience with on Windows
have been:

- the one with AT&T's "UWin" project
- (very recently) SolarWinds TFTP.

The SolarWinds TFTP is not starting itself automatically properly,
sometimes freezes up, and sometimes thinks that it is already running
when it is not, requiring a reboot to restore functionality.
On the other hand, it does not require that the destination file
be already present.

For the SolarWinds product, I could not, within a reasonable amount
of time, determine how to remotely specify an exact destination
the way I am accustomed to for Unix systems. What I ended up doing
on the PIX was using a destination file name starting with a
single forward-slash, which the SolarWinds product automatically
translated into its pre-configured destination directory
( C:\PIX in our setup.)

tftp-server inside WindowsHostIP /ConfigFile.txt

then write net would write to C:\PIX\ConfigFile.txt
--
"I want to make sure [a user] can't get through ... an online
experience without hitting a Microsoft ad"
-- Steve Ballmer [Microsoft Chief Executive]
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Pull Configs for a series of Switches with TFTP KDawg44 Cisco 5 09-24-2009 01:21 AM
booting router from tftp: image is stored within a sub-dir in tftp root Sharad Cisco 0 02-13-2007 11:31 AM
Net:TFTPd questions - Want to upload configs via TFTP Chris G. Perl Misc 1 07-21-2006 08:18 PM
ssh and tftp through a pix to pix vpn Blouz Cisco 2 02-02-2005 10:51 PM
Best way to get new PIX configs downloaded Angela Spiro Cisco 2 11-10-2003 12:56 PM



Advertisments