Hi Jorge,

Thanks for replying. I think I may not describ my question clearly. The senario I'm asking is a IPSEC site to site VPN, not a Remote access VPN.

Regards,

Hi Michael, yes I did read the first post in l2l, however the test is in RA VPN, but the two similarities that both RA and L2L do have is Ipsec.

the test conducted was on Ipsec RA with tftp server at other end in the case of RA client being the tftp server.

So that being said I could assure the tftp will work on l2l vpn.

Have you tried my suggestions.

eg

SiteA-L2L-SiteB tftpserver in SiteB , you are copying asa congif to tftpserver as long tftp server in siteB is part of the tunnel policy should work, let me know if still no joy to then lab this in L2L scenario.

asa(config)#tftp-server outside

then

asa#copy config tftp

Regards

It doesn't work for me. please see the asa output below.

asa(config)# ping inside 192.168.11.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.11.10, timeout is 2 seconds:

?!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 290/317/370 ms

asa(config)# tftp outside 192.168.11.10 /

WARNING: 'outside' interface has the lowest security level (0).

asa(config)# copy run tftp

Source filename [running-config]?

Address or name of remote host [192.168.11.10]?

Destination filename []?

Cryptochecksum: e4582635 53632293 22b6aa9f 481e2383

!!!!

%Error writing tftp://192.168.11.10//;int=outside (Timed out attempting to connect)

asa(config)#

Sounds as it could be tftp server, do you see any hits in the tftp server logs? how about asdm logs is tftp port 69 seen in the l2l traffic?

[edit]

what tftp server app do you use, is it a windows APP? if so try using complete path

say the root is f: drive of tftp server.

tftp-server outside f:\

Your 'Tftp-server interface' command remind me that ipsec traffic is somehow different. So I set 'tftp-server inside /' on the asa and it works now.

Thanks for your help Jorge.

disccuss on this issue further, the following command works and it copies config to tftp server in remote site.

asa(config)# copy startup-config tftp

Address or name of remote host [192.168.11.10]?

Destination filename []? ttt

!!!!

12681 bytes copied in 8.50 secs (1585 bytes/sec)

however if I put the full path in the copy command it still fails, why? I cannot use prior command because the following command is hard coded in software, how to make it work?

asa(config)# copy startup-config tftp://192.168.11.10/ttt

Address or name of remote host [192.168.11.10]?

Destination filename [ttt]?

!!!!

%Error writing tftp://192.168.11.10/ttt (Timed out attempting to connect)

Try without the path

copy startup-config tftp:192.168.11.10

That's where the difficulty is. The whole command 'copy start tftp://x.x.x.x/xxx.txt' is hard coded in an appliaction, I cannot change it...