ASA5505: save conf via TFTP to a not directly known network.

Lybra1983 · ‎02-09-2011

Hi everybody,

you can find here a schema and fw confs: https://supportforums.cisco.com/message/3289161

I faced another problem related to the above infrastructure.

I've added to fw BBB and CCC also the appropriate ACL for the TFTP server that's in the same subnet of my pc (10.1.1.120), once I did it I've figured out that both fw can ping 10.1.1.120 only if the server had first pinged them: in other words they can ping the server only if they know where to reach 10.1.0.0/24 and with a ping from the server they have an entry on the routing tables, so in this case it works, but as soon as the entry expire, they forget the path to reach it.

I tried to set on BBB a "route inside 10.1.0.0 255.255.255.0 10.245.0.1" but it only caused more problems.

Does someone know how to solve this issue?

Thanks for a help.

Regards,

Luca

Federico Coto Fajardo · ‎02-09-2011

Hi,

Sorry I haven't gone thru your other discussion but just a note:

Do you have connectivity to the TFTP server from the ASA, just can't save the config?

Have you tried setting the TFTP server path on the ASA, for example:

tftp-server inside 1.1.1.1 C:\Users\Documents\Cisco_Images

Federico.

Lybra1983 · ‎02-09-2011

Hi Federico,

problem solved!

I tried to limitate the access to the tftp with 2 acl, one "udp eq tftp" and the other "icmp" and I guess that somehow the issue was due to this.

I simply erased the 2 acl and put only one "ip" and now it's working normally.

Thanks for your help and sorry for the disturb.

Regards,

Luca