PIX firewall configure to allow tftp

Posted on 2005-04-06
Last Modified: 2013-11-16
Hi, I only have Telnet access to my PIX and I need to find out how to add to the config so that I can TFTP download from and to the firewall?

Step by step instructions will be appreciated

Thank You
Question by:ztek
 
LVL 3

Accepted Solution

by:
alex_yala earned 2000 total points
ID: 13724628
To Download the configuration FROM the firewall
================================

You need to get a TFTP server software first.

(Straight from Cisco website)
Follow these steps to download the server by FTP:
--------------------------------------------------------------------------------
Step 1   Start your FTP client and connect to ftp.cisco.com. (Enter your CCO username and password.)
Step 2   You can view the files in the main directory by entering the ls command.
Step 3   Enter cd cisco to move to the top-level software directory.
Step 4   Enter cd web and then cd tftp to access the TFTP software directory.
Step 5   Enter ls to view the directory contents.
Step 6   Enter get to copy the TFTP executable file to your directory.

On the PIX firewall, type in the following:
pixfirewall# write net [<tftp_ip>]:<filename>

<tftp_ip> is the computer where you install the TFTP software
<filename> is the name of the file you want to save the configuration as



To upload new IOS TO the firewall
======================

Follow the steps from this Cisco website
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v51/config/bootmode.htm

I haven't really tried to upload any configuration file to the PIX firewall using TFTP.

Good Luck

Alex
0
 
LVL 19

Expert Comment

by:nodisco
ID: 13724745
Solarwinds offer a free download of a very good tftp server - widely used.  You can get it from here

http://www.solarwinds.net/Tools/Free_tools/TFTP_Server/download.htm

Then just follow alex_yala's post for commands

0
 

Author Comment

by:ztek
ID: 13729360
The TFTP does not work.
I need to add the permission to allow TFTP through the command line.
0
 
LVL 19

Expert Comment

by:nodisco
ID: 13735132
fixup protocol tftp 69
0
 
LVL 3

Expert Comment

by:alex_yala
ID: 13743840
So far, I have only used a TFTP server in the inside network. I am not sure if TFTP communication will work to an external host. You can try.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/tz.htm#wp1026054

* If your TFTP server is connected to the external network, you have to specify it first, by typing
tftp-server [if_name] ip_address path
then type in write net :filename

* If your TFTP server is connected to the internal network, you can do it in either of the following
- Make sure there is no tftp-server configured (see above link how to remove tftp-server config), then type in write net [[server_ip]:[filename]]
- Make sure the tftp-server is configured with the correct IP address of the tftp server, then type in write net :filename

The other thing you have to look out for is, if you have 2 nics on your TFTP server, you need to disable one. Sometimes the TFTP server tries to use the other NIC to respond to the TFTP traffic which breaks the connectivity to the PIX.

Could you give more details on exactly how your network is configured and what you are trying to achieve?

By the way, fixup command has nothing to do with allowing TFTP traffic connectivity. Information about fixup can be found at
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/fixup.htm

Alex.
0
 
LVL 19

Expert Comment

by:nodisco
ID: 13751100


If you have solarwinds tftp server running on pc ip 192.168.1.5 for example

logon to pix

write net 192.168.1.5:pixconfig

this creates the file pixconfig in the Solarwinds tftp folder

To copy the file back to the PIX

copy tftp://192.168.1.5/pixconfig startup-config

Reboot PIX for this to take effect.

FYI the above - the reason I advised using the "fixup protocol tftp 69" command was that I was unsure exactly where you were having the problem and how exactly you were trying to do this.  You DO need to use this command if you are using static PAT to redirect tftp traffic.

If you get an error with either of these commands - pls post it and it will help isolate the problem.

cheers
0
 

Author Comment

by:ztek
ID: 13755591
the problem is during the tftp transfer it times out.
0
 
LVL 19

Expert Comment

by:nodisco
ID: 13756032
Tftp times out which way - from or to PIX?
Are you sure TFTP server is running correctly?
Can the PIX definitely see the tftp server?


0
 

Author Comment

by:ztek
ID: 13757954
From pix and yes my tftp server is working correctly
0
 
LVL 19

Expert Comment

by:nodisco
ID: 13760414
Ok - Do you know what speed your PIX inside interface is set to run on - I have encountered systems where tftp does not like 100MB - have you got a 10MB hub or switch you can try it over?

Are you receiving an error code when it fails - e.g. error code 2, 3, 4 etc


0
 
LVL 3

Expert Comment

by:alex_yala
ID: 13767992
Does your server have multiple IP addresses? (Especially on the same subnet)

If you do, it won't work.

I had the same problem with my remote client a few months back. For some reason the IT provider in that country set up 2 NICs on the same subnet with different IP addresses. The TFTP server just can't receive any TFTP traffic. As soon as I disabled the unused NIC, it all worked.

Good Luck.

Alex.
0
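
The two checks raised in this thread (the TFTP error code nodisco asks for, and the multi-NIC case alex_yala describes, where the server answers from a different address), as an added Python example that is not part of the original posts. Packet layouts and error codes follow RFC 1350; the function names, the 192.168.1.6 address and the sample packets are constructed for illustration.

```python
import struct

# Opcodes and error codes as defined in RFC 1350.
OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}
ERROR_CODES = {0: "Not defined, see error message", 1: "File not found",
               2: "Access violation", 3: "Disk full or allocation exceeded",
               4: "Illegal TFTP operation", 5: "Unknown transfer ID",
               6: "File already exists", 7: "No such user"}

# Constructed sample UDP payloads (not captured from a real PIX).
SAMPLE_WRQ = b"\x00\x02pixconfig\x00octet\x00"         # what "write net" sends
SAMPLE_ACK0 = b"\x00\x04\x00\x00"                      # server accepts the WRQ
SAMPLE_ERR = b"\x00\x05\x00\x02Access violation\x00"   # server refuses it

def parse_tftp(packet: bytes) -> dict:
    """Decode one TFTP packet (the UDP payload) into a dict."""
    if len(packet) < 4:
        raise ValueError("truncated TFTP packet")
    (opcode,) = struct.unpack("!H", packet[:2])
    kind = OPCODES.get(opcode)
    if kind is None:
        raise ValueError(f"unknown opcode {opcode}")
    if kind in ("RRQ", "WRQ"):
        fields = packet[2:].split(b"\x00")
        if len(fields) < 3:
            raise ValueError("request is missing filename or mode")
        return {"op": kind, "filename": fields[0].decode("ascii", "replace"),
                "mode": fields[1].decode("ascii", "replace").lower()}
    (num,) = struct.unpack("!H", packet[2:4])
    if kind == "DATA":
        return {"op": kind, "block": num, "size": len(packet) - 4}
    if kind == "ACK":
        return {"op": kind, "block": num}
    text = packet[4:].split(b"\x00", 1)[0].decode("ascii", "replace")
    return {"op": kind, "code": num, "message": text,
            "meaning": ERROR_CODES.get(num, "unassigned")}

def diagnose(requested_ip: str, reply_ip: str, reply: bytes) -> str:
    """Explain the first reply to a write request sent to requested_ip."""
    if reply_ip != requested_ip:  # multi-homed server answered on another NIC
        return f"reply came from {reply_ip}, not {requested_ip}"
    info = parse_tftp(reply)
    if info["op"] == "ERROR":
        return f"server refused: error {info['code']} ({info['meaning']})"
    if info["op"] == "ACK" and info["block"] == 0:
        return "write request accepted"
    return f"unexpected {info['op']} reply"

if __name__ == "__main__":
    print(parse_tftp(SAMPLE_WRQ))
    print(diagnose("192.168.1.5", "192.168.1.6", SAMPLE_ACK0))
    print(diagnose("192.168.1.5", "192.168.1.5", SAMPLE_ERR))
```

Feed it the payloads and source addresses seen in a packet capture on the TFTP server; a transfer that times out with no reply at all from the expected address points at reachability or the wrong NIC rather than at a TFTP-level error.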
