ASA TFTP inspect

Hi All,

I have a question about TFTP inspect, with a firewall rule configured to allow connections from the outside interface on port 69.

When TFTP inspect is enabled on an ASA firewall, does this specifically only allow for file transfer from client to server?

Does the above rule also allow for TFTP RRQ from server to client?

I've tried doing a Google search with no luck. I will try to get an environment up and running to test this.

In the meantime, can someone provide an answer from their experience?

Thank you

2 Replies

Marvin Rhoads
Hall of Fame

Protocol inspection examines the bidirectional flow for conformance with the protocol.

Do you mean you are allowing connections from hosts upstream of the outside interface or from the interface itself? Can you share your ACL entry (or entries)?
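
A simplified model of the state a TFTP-aware firewall has to track, added here as an example that is not part of the thread and not Cisco's implementation. In TFTP (RFC 1350) the server answers a request sent to port 69 from a new source port (its transfer ID), so a rule for port 69 alone does not describe the data channel. The class name, server address and port numbers are constructed.

```python
import struct
RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5  # TFTP opcodes (RFC 1350)
MODES = (b"netascii", b"octet", b"mail")

def parse_tftp(payload):
    """Return the opcode of a well-formed TFTP packet, else raise ValueError."""
    if len(payload) < 4:
        raise ValueError("short packet")
    (op,) = struct.unpack("!H", payload[:2])
    if op in (RRQ, WRQ):
        parts = payload[2:].split(b"\0")  # filename NUL mode NUL [options]
        if len(parts) < 3 or not parts[0] or parts[1].lower() not in MODES:
            raise ValueError("malformed request")
    elif op not in (DATA, ACK, ERROR):
        raise ValueError("unknown opcode")
    return op

class TftpInspector:
    """Hypothetical model: the ACL admits only udp/69, inspection adds the rest."""
    def __init__(self):
        self.flows = {}  # (client_ip, client_port, server_ip) -> server TID
    def permit(self, src, sport, dst, dport, payload):
        try:
            op = parse_tftp(payload)
        except ValueError:
            return False  # non-conforming packets are dropped
        if dport == 69:  # control channel: only a request opens a flow
            if op in (RRQ, WRQ):
                self.flows[(src, sport, dst)] = None
            return op in (RRQ, WRQ)
        if (src, sport, dst) in self.flows:  # client -> learned server TID
            return self.flows[(src, sport, dst)] == dport
        key = (dst, dport, src)  # server -> requesting client
        if key not in self.flows:
            return False  # no request seen for this client port
        if self.flows[key] is None:
            self.flows[key] = sport  # first reply fixes the server's TID
        return self.flows[key] == sport

def demo():
    fw, c, s = TftpInspector(), "10.10.6.12", "10.10.7.50"  # s is constructed
    rrq = struct.pack("!H", RRQ) + b"cfg.bin\0octet\0"
    data, ack = struct.pack("!HH", DATA, 1) + b"x" * 16, struct.pack("!HH", ACK, 1)
    return [fw.permit(s, 40001, c, 50000, data),   # unsolicited data
            fw.permit(c, 50000, s, 69, rrq),        # read request to port 69
            fw.permit(s, 40001, c, 50000, data),   # reply from server TID
            fw.permit(c, 50000, s, 40001, ack),     # ACK to that TID
            fw.permit(s, 40002, c, 50000, data),   # different source port
            fw.permit(c, 50000, s, 69, b"\x00\x09junk")]  # bad opcode
```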

Hi Martin,

I would also like to (re)touch this subject if you have the time.
Here's my diagram:
Cisco_device (10.10.6.12) goes to ASA (vlan10: 10.10.6.1) then goes to ASA (vlan 20: 10.10.7.1) then it reaches TFTP server.

Here's the config:
access-group vlan_10_ACL in interface vlan10
access-list vlan_10_ACL permit udp any4 any4 eq tftp

Do I need to enable TFTP inspection? If it matters, both interfaces have security-level 0.

Thanks!