PIX firewall configure to allow tftp

Hi, I only have Telnet access to my PIX and I need to find out how to add to the config so that I can TFTP download from and to the firewall?

Step by step instructions will be appreciated

Thank You
To Download the configuration FROM the firewall

You need to get a TFTP server software first.

(Straight from Cisco website)
Follow these steps to download the server by FTP:
Step 1   Start your FTP client and connect to ftp.cisco.com. (Enter your CCO username and password.)
Step 2   You can view the files in the main directory by entering the ls command.
Step 3   Enter cd cisco to move to the top-level software directory.
Step 4   Enter cd web and then cd tftp to access the TFTP software directory.
Step 5   Enter ls to view the directory contents.
Step 6   Enter get to copy the TFTP executable file to your directory.

On the PIX firewall, type in the following:
pixfirewall# write net [<tftp_ip>]:<filename>

<tftp_ip> is the computer where you install the TFTP software
<filename> is the name of the file you want to save the configuration as

To upload new IOS TO the firewall

Follow the steps from this Cisco website

I haven't really tried to upload any configuration file to the PIX firewall using TFTP.

Good Luck

Solarwinds offer a free download of a very good tftp server - widely used.  You can get it from here


Then just follow Alex_yalas post for commands

ztekAuthor Commented:
The tftp does not work
I need to add the permission to allow tftp through command line
fixup protocol tftp 69
So far, I have only used a TFTP server in the inside network. I am not sure if TFTP communication will work to an external host. You can try.


* If your TFTP server is connected to the external network, you have to specify it first, by typing
tftp-server [if_name] ip_address path
then type in write net :filename

* If your TFTP server is connected to the internal network, you can do it in either of the following
- Make sure there is no tftp-server configured (see above link how to remove tftp-server config), then type in write net [[server_ip]:[filename]]
- Make sure the tftp-server is configured with the correct IP address of the tftp server, then type in write net :filename

The other thing you have to look out for is, if you have 2 nics on your TFTP server, you need to disable one. Sometimes the TFTP server tries to use the other NIC to respond to the TFTP traffic which breaks the connectivity to the PIX.

Could you give more details on exactly how your network is configured and what you are trying to achieve?

By the way, fixup command has nothing to do with allowing TFTP traffic connectivity. Information about fixup can be found at


If you have solarwinds tftp server running on pc ip for example

logon to pix

write net

this creates the file pixconfig in the Solarwinds tftp folder

To copy the file back to the PIX

copy tftp:// startup-config

Reboot PIX for this to take effect.

FYI the above - the reason I advised using the "fixup protocol tftp 69" command was that I was unsure exactly where you were having the problem and how exactly you were trying to do this. You DO need to use this command if you are using static PAT to redirect tftp traffic.

If you get an error with either of these commands - pls post it and it will help isolate the problem.

ztekAuthor Commented:
the problem is during the tftp transfer it times out.
Tftp times out which way - from or to PIX?
Are you sure TFTP server is running correctly?
Can the PIX definitely see the tftp server?

ztekAuthor Commented:
From pix and yes my tftp server is working correctly
Ok - Do you know what speed your PIX inside interface is set to run on - I have encountered systems where tftp does not like 100MB - have you got a 10MB hub or switch you can try it over?

Are you receiving an error code when it fails - e.g. error code 2, 3, 4 etc

Does your server have multiple IP addresses? (Especially on the same subnet)

If you do, it won't work.

I had the same problem with my remote client a few months back. For some reason the IT provider in that country set up 2 NICs on the same subnet with different IP addresses. The TFTP server just can't receive any TFTP traffic. As soon as I disabled the unused NIC, it all worked.

Good Luck.
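
Added example, not part of the thread or any poster's code: a small Python check, run from a workstation on the same segment as the PIX, for two things raised above: whether the TFTP server answers from the address you sent to (the multi-NIC symptom) and what a numeric TFTP error code means (RFC 1350). The function names, the probe filename and the 192.0.2.x addresses are assumptions made for illustration.

```python
import socket
import struct

# TFTP opcodes and error codes as defined in RFC 1350.
OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}
TFTP_ERRORS = {0: "Not defined", 1: "File not found", 2: "Access violation",
               3: "Disk full or allocation exceeded", 4: "Illegal TFTP operation",
               5: "Unknown transfer ID", 6: "File already exists", 7: "No such user"}

def build_rrq(filename, mode="octet"):
    """Read request: opcode 1, then NUL-terminated filename and transfer mode."""
    return struct.pack("!H", 1) + filename.encode() + b"\0" + mode.encode() + b"\0"

def parse_reply(packet):
    """Return (kind, detail) for a server reply, e.g. ("ERROR", "2 Access violation")."""
    if len(packet) < 4:
        return ("MALFORMED", "shorter than 4 bytes")
    opcode, value = struct.unpack("!HH", packet[:4])
    kind = OPCODES.get(opcode, "UNKNOWN")
    if kind == "ERROR":
        text = packet[4:].split(b"\0", 1)[0].decode("ascii", "replace")
        name = TFTP_ERRORS.get(value, "unassigned code")
        return (kind, f"{value} {name}: {text}" if text else f"{value} {name}")
    if kind in ("DATA", "ACK"):
        return (kind, f"block {value}")
    return (kind, f"opcode {opcode}")

def diagnose(target_ip, reply_ip, packet):
    """Flag a reply whose source IP differs from the address the request went to."""
    kind, detail = parse_reply(packet)
    if reply_ip != target_ip:
        return f"MISMATCH: asked {target_ip}, answered from {reply_ip} ({kind} {detail})"
    return f"OK: {target_ip} answered with {kind} {detail}"

def probe(target_ip, filename="probe-does-not-exist", port=69, timeout=3.0):
    """Send one RRQ and report who answered; a read request creates nothing on the server."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_rrq(filename), (target_ip, port))
        try:
            # The reply's source port is a new transfer ID; only the IP is compared.
            packet, (reply_ip, _tid) = sock.recvfrom(516)
        except socket.timeout:
            return f"TIMEOUT: no reply from {target_ip}:{port} within {timeout}s"
    return diagnose(target_ip, reply_ip, packet)

if __name__ == "__main__":
    # Constructed sample: server addressed as 192.0.2.10 replies from a second NIC.
    sample = struct.pack("!HH", 5, 1) + b"File not found\0"
    print(diagnose("192.0.2.10", "192.0.2.11", sample))
```

A host firewall on the probing machine may drop a reply that arrives from the other address, in which case `probe()` reports TIMEOUT rather than MISMATCH.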

