TFTP from Pix problem

Discussion in 'Cisco' started by Christoph Gartmann, Jun 14, 2005.

  1. Hello,

    after the upgrade of our PIX515 to version 7.0.1(2) I am no longer able
    to do a "write net" to our tftp-server. The strange thing is this:
    - from a similar pix (again 515, same software version) the tftp transfer
    is no problem.
    - from the pix in question to a different tftp server the transfer is working
    all right.
    - both pixen are able to ping to both tftp servers.
    - the tftp file is created but then the pix reports a timeout (after quite
    some time).
    - this problem pix is the only one having trouble with this tftp server.
    - there is nothing rejected in the log.

    The IP address of the main TFTP-server and the second one are in the same
    subnet and differ only in one bit. The IP address of the problem pix is in a
    different net. The same is true for the similar pix but this net is
    different from the one of the problem pix. Connection between the networks is
    done by a router. The relevant part of the config is this:


    PIX Version 7.0(1)2
    no names
    !
    interface Ethernet1
    nameif inside
    security-level 100
    ip address 10.1.1.1 255.255.0.0
    !
    access-list 100 extended permit ip any any
    monitor-interface inside
    asdm history enable
    arp timeout 1800
    nat-control
    nat (inside) 1 10.1.0.0 255.255.0.0
    static (inside,outside) 192.129.30.0 192.129.30.0 netmask 255.255.255.0
    access-group 100 in interface outside
    route outside 0.0.0.0 0.0.0.0 192.168.2.254 1
    route inside 192.129.30.0 255.255.255.0 10.1.1.254 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    telnet 10.1.0.0 255.255.0.0 inside
    telnet 192.129.30.0 255.255.255.0 inside
    telnet timeout 30
    ssh 192.129.30.0 255.255.255.0 inside
    ssh timeout 30
    ssh version 1
    console timeout 0
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map global_policy
    class inspection_default
    inspect dns maximum-length 512
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect http
    inspect ils
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect sip
    inspect xdmcp
    inspect tftp
    policy-map global-policy
    class inspection_default
    !
    service-policy global_policy global
    tftp-server inside 192.129.30.3 pix.config
    : end


    So what could be wrong here?

    Regards,
    Christoph Gartmann

    --
    Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452
    Immunbiologie
    Postfach 1169 Internet: gartmann@immunbio dot mpg dot de
    D-79011 Freiburg, Germany
    http://www.immunbio.mpg.de/home/menue.html
     
    Christoph Gartmann, Jun 14, 2005
    #1
    1. Advertising

  2. In article <d8n0rq$rq9$>, I (Christoph Gartmann) wrote:

    >after the upgrade of our PIX515 to version 7.0.1(2) I am no longer able
    >to do a "write net" to our tftp-server. The strange thing is this:
    >- from a similar pix (again 515, same software version) the tftp transfer
    > is no problem.
    >- from the pix in question to a different tftp server the transfer is working
    > all right.
    >- both pixen are able to ping to both tftp servers.
    >- the tftp file is created but then the pix reports a timeout (after quite
    > some time).
    >- this problem pix is the only one having trouble with this tftp server.
    >- there is nothing rejected in the log.

    [...]

    Solved the problem. It was not related to the Pix but to the TFTP server. The
    latter had two IP addresses, the one used by the Pix and one in the same IP net
    as the Pix. So the TFTP server sent the acknowledgements with its secondary
    address :-(

    Regards,
    Christoph Gartmann

    --
    Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452
    Immunbiologie
    Postfach 1169 Internet: gartmann@immunbio dot mpg dot de
    D-79011 Freiburg, Germany
    http://www.immunbio.mpg.de/home/menue.html
     
    Christoph Gartmann, Jun 15, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. love0503hk
    Replies:
    2
    Views:
    8,104
    Walter Roberson
    Nov 26, 2003
  2. Masud Reza
    Replies:
    1
    Views:
    3,015
    Walter Roberson
    Jan 3, 2004
  3. Blouz
    Replies:
    2
    Views:
    2,279
  4. Christoph Gartmann

    Strange TFTP problem via Pix

    Christoph Gartmann, Mar 16, 2006, in forum: Cisco
    Replies:
    3
    Views:
    1,192
  5. Sharad
    Replies:
    0
    Views:
    650
    Sharad
    Feb 13, 2007
Loading...

Share This Page