Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
791
Views
0
Helpful
7
Replies

tftp inspect on ACE v.3.2a

Go to solution
axfalk
Level 1
Level 1

‎02-28-2011 04:30 PM

Does anyone happen to know if ACE 3.2a has the tftp inspect?

Thanks...

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
amacuz
Level 1
Level 1

‎03-02-2011 01:05 AM

Hi axfalk,

you can refer to this document

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/security/guide/appinsp.html

where is said that the ACE does not support TFTP fixup.

Hope this helps,

Alessandro

View solution in original post

0 Helpful
7 Replies 7

Go to solution
amacuz
Level 1
Level 1

‎03-02-2011 01:05 AM

Hi axfalk,

you can refer to this document

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/security/guide/appinsp.html

where is said that the ACE does not support TFTP fixup.

Hope this helps,

Alessandro

0 Helpful

Go to solution
axfalk
Level 1
Level 1
In response to amacuz

‎03-02-2011 10:48 AM

Thanks for your response. Is that because TFTP creates a separate data flow?

Thanks again...

0 Helpful

Go to solution
Surya ARBY
Level 4
Level 4
In response to axfalk

‎03-02-2011 11:55 AM

make a persistance on source ip and enable the source NAT for servers through the VIP address. The default gateway has to be the ACE.

0 Helpful

Go to solution
axfalk
Level 1
Level 1
In response to Surya ARBY

‎03-02-2011 05:03 PM

Thanks for your response. We're running in a brideg mode, so  the servers' default gateway is the upstream switch..Would it still be possible?

Thanks again..

0 Helpful

Go to solution
amacuz
Level 1
Level 1
In response to axfalk

‎03-03-2011 01:36 AM

Hi axfalk,

if the inspection of the protocol is not required here but just loadblancing the TFTP requests, you can refer to this document then where the TFTP load-balancing is explained:

https://supportforums.cisco.com/docs/DOC-13771

Also based on the topic of a community you may also have a look at the Documents section to see if the topic of your interested has been already discussed.

I hope you'll find it useful :-).

Give it a try and feel free to post your questions.

Alessandro

0 Helpful

Go to solution
axfalk
Level 1
Level 1
In response to amacuz

‎03-03-2011 04:25 PM

Allesandro, thanks for pointing me to the doc - it's helpful. The question that I have is why it would not work in bridge mode?

Thanks again...

_ Greg

0 Helpful

Go to solution
amacuz
Level 1
Level 1
In response to axfalk

‎03-08-2011 12:58 AM

Hi Greg,

the translation of the source address in a flow is something that normally is required in a bridge-mode environment and this what the document I have sent to you says.

I think you have to src NAT also the flow from the client to the server. Could you post here your configuration relevant for this issue?

Alessandro

0 Helpful
Customers Also Viewed These Support Documents