TFTP from router through VPN

RegionDist19
Level 1

I'm having trouble TFTPing a configuration from my 851 Router to my computer through an IPsec VPN tunnel that this router is connected through.  I am able to telnet and ping all devices on the far-end with no problem.  I can TFTP a config from a switch behind this router, no problem.  I am guessing this problem is related to an ACL on the router. I am also having trouble connecting to this router using the Cisco Config Professional.  Discovery will fail, with connection could not be established or HTTP service is not enabled.  I have enabled HTTP service.  The CCP works fine when I am on the router's subnet.  Any help greatly appreciated.

Accepted Solutions

Jennifer Halim
Cisco Employee

For TFTP, you will have to specify the router LAN interface (or the router interface that falls under the crypto ACL subnet) using the following command:

ip tftp source-interface

Here is the command reference:

http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_f1.html#wp1011314

For the CCP connection, what IP address are you trying to reach the router on? Also, do you have any restriction on who can access the router via HTTP? Please share the "ip http" configuration that you have on the router.


Jennifer,

Executing ip tftp source-interface Vlan1 did the trick, thank you very much.  To access the router I am using the address assigned to the Vlan, which is the same one I can terminal in on.  Here is the section of the config you requested:

ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map nonat interface FastEthernet4 overload

access-list 1 remark HTTP Access-class list
access-list 1 remark CCP_ACL Category=1
access-list 1 permit 192.168.54.0 0.0.0.63
access-list 1 deny   any

I tried adding the subnet that my computer is on to access-list 1, but that didn't help.

I was able to fix the problem with connecting from CCP.  When I originally added the subnet to the access-list 1, it placed it below the deny statement.  I re-entered the access rule and made sure it came before the deny statement.  I can connect fine.  Thanks.
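
The ordering problem described in the last post, as an added example that is not part of the original thread: a small first-match evaluator for standard ACL lines, run over the posted access-list 1 with a permit placed after and then before the `deny any`. The 192.0.2.0/24 admin subnet is constructed, since the thread does not give the poster's subnet, and the function names are hypothetical.

```python
import ipaddress

MASK = 0xFFFFFFFF

def parse_acl(lines):
    """Parse standard 'access-list N permit|deny <addr> [wildcard]|any' lines."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue  # skips remarks and anything that is not a standard ACL entry
        if tok[3] == "any":
            addr, wild = 0, MASK
        else:
            addr = int(ipaddress.IPv4Address(tok[3]))
            wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
        entries.append((tok[2], addr, wild, " ".join(tok)))
    return entries

def evaluate(entries, src):
    """First matching entry wins; a source that matches nothing is denied."""
    ip = int(ipaddress.IPv4Address(src))
    for action, addr, wild, text in entries:
        care = ~wild & MASK  # wildcard bits set to 1 are ignored
        if (ip & care) == (addr & care):
            return action, text
    return "deny", "(implicit deny)"

def shadowed(entries):
    """Entries that can never match because an earlier entry covers them."""
    dead = []
    for i, (_, a2, w2, text) in enumerate(entries):
        for _, a1, w1, _ in entries[:i]:
            care = ~w1 & MASK
            if (w2 & care) == 0 and ((a1 ^ a2) & care) == 0:
                dead.append(text)
                break
    return dead

ADMIN_NET = "192.0.2.0 0.0.0.255"  # constructed; the thread does not give this subnet
PAGE_ACL = ["access-list 1 remark HTTP Access-class list",
            "access-list 1 permit 192.168.54.0 0.0.0.63",
            "access-list 1 deny   any"]
APPENDED = parse_acl(PAGE_ACL + [f"access-list 1 permit {ADMIN_NET}"])
REORDERED = parse_acl(PAGE_ACL[:2] + [f"access-list 1 permit {ADMIN_NET}", PAGE_ACL[2]])

if __name__ == "__main__":
    for name, acl in (("appended", APPENDED), ("reordered", REORDERED)):
        print(name, evaluate(acl, "192.0.2.10"), "shadowed:", shadowed(acl))
```

Running `shadowed` over a saved configuration before applying an access-class change flags any permit that an earlier `deny any` makes unreachable.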
