Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > TFTP from Pix problem

Reply
Thread Tools

TFTP from Pix problem

 
 
Christoph Gartmann
Guest
Posts: n/a
 
      06-14-2005
Hello,

after the upgrade of our PIX515 to version 7.0.1(2) I am no longer able
to do a "write net" to our tftp-server. The strange thing is this:
- from a similar pix (again 515, same software version) the tftp transfer
is no problem.
- from the pix in question to a different tftp server the transfer is working
all right.
- both pixen are able to ping to both tftp servers.
- the tftp file is created but then the pix reports a timeout (after quite
some time).
- this problem pix is the only one having trouble with this tftp server.
- there is nothing rejected in the log.

The IP address of the main TFTP-server and the second one are in the same
subnet and differ only in one bit. The IP address of the problem pix is in a
different net. The same is true for the similar pix but this net is
different from the one of the problem pix. Connection between the networks is
done by a router. The relevant part of the config is this:


PIX Version 7.0(1)2
no names
!
interface Ethernet1
nameif inside
security-level 100
ip address 10.1.1.1 255.255.0.0
!
access-list 100 extended permit ip any any
monitor-interface inside
asdm history enable
arp timeout 1800
nat-control
nat (inside) 1 10.1.0.0 255.255.0.0
static (inside,outside) 192.129.30.0 192.129.30.0 netmask 255.255.255.0
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.2.254 1
route inside 192.129.30.0 255.255.255.0 10.1.1.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
telnet 10.1.0.0 255.255.0.0 inside
telnet 192.129.30.0 255.255.255.0 inside
telnet timeout 30
ssh 192.129.30.0 255.255.255.0 inside
ssh timeout 30
ssh version 1
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect http
inspect ils
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect sip
inspect xdmcp
inspect tftp
policy-map global-policy
class inspection_default
!
service-policy global_policy global
tftp-server inside 192.129.30.3 pix.config
: end


So what could be wrong here?

Regards,
Christoph Gartmann

--
Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452
Immunbiologie
Postfach 1169 Internet: gartmann@immunbio dot mpg dot de
D-79011 Freiburg, Germany
http://www.immunbio.mpg.de/home/menue.html
 
Reply With Quote
 
 
 
 
Christoph Gartmann
Guest
Posts: n/a
 
      06-15-2005
In article <d8n0rq$rq9$(E-Mail Removed)>, I (Christoph Gartmann) wrote:

>after the upgrade of our PIX515 to version 7.0.1(2) I am no longer able
>to do a "write net" to our tftp-server. The strange thing is this:
>- from a similar pix (again 515, same software version) the tftp transfer
> is no problem.
>- from the pix in question to a different tftp server the transfer is working
> all right.
>- both pixen are able to ping to both tftp servers.
>- the tftp file is created but then the pix reports a timeout (after quite
> some time).
>- this problem pix is the only one having trouble with this tftp server.
>- there is nothing rejected in the log.

[...]

Solved the problem. It was not related to the Pix but to the TFTP server. The
latter had two IP addresses, the one used by the Pix and one in the same IP net
as the Pix. So the TFTP server sent the acknowledgements with its secondary
address

Regards,
Christoph Gartmann

--
Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452
Immunbiologie
Postfach 1169 Internet: gartmann@immunbio dot mpg dot de
D-79011 Freiburg, Germany
http://www.immunbio.mpg.de/home/menue.html
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
booting router from tftp: image is stored within a sub-dir in tftp root Sharad Cisco 0 02-13-2007 11:31 AM
Strange TFTP problem via Pix Christoph Gartmann Cisco 3 03-17-2006 09:51 AM
ssh and tftp through a pix to pix vpn Blouz Cisco 2 02-02-2005 10:51 PM
PIX 6.3(3) Fixup protocol dns and tftp... Masud Reza Cisco 1 01-03-2004 11:18 PM
how to upload the configuration file to PIX from TFTP server love0503hk Cisco 2 11-26-2003 10:04 PM



Advertisments