cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


606
Views
0
Helpful
2
Replies

ASA TFTP inspect

Hi All,

I have a question around TFTP inspect. With firewall rule configured to allow connection from outside interface on port 69.

When TFTP inspect is enabled on an ASA firewall, does this specifically only allow for file transfer from client to server ?

Does the above rule also allow for TFTP RRQ from server to client ?

I've tried doing google search with no luck. I will try to get an environment up and running to test this.

In the mean time can someone provide an answer from their experience ?

Thank you

2 REPLIES 2
Hall of Fame Master

Protocol inspection examines

Protocol inspection examines the bidirectional flow for conformance with the protocol.

Do you mean you are allowing connections from hosts upstream of the outside interface or from the interface itself? Can you share your ACL entry (or entries)?

Highlighted
Frequent Contributor

Re: Protocol inspection examines

Hi Martin,

I would also like to (re)touch this subject if you have the time.
Here's my diagram:
Cisco_device (10.10.6.12) goes to ASA (vlan10: 10.10.6.1) then goes to ASA (vlan 20: 10.10.7.1) then it reaches TFTP server.

Here's the config:
access-group vlan_10_ACL in interface vlan10
access-list vlan_10_ACL permit udp any4 any4 eq tftp

Do I need to enable TFTP inspection? If it matters, both interfaces have security-level 0.

Thanks!