TFTP Access Through PIX to Perimeter Router

Posted on 2007-11-27
Last Modified: 2008-02-01
      I’m missing a trick here. I need to get ftfp access to my perimeter 2811 router through my pix. I’ve already amended my outbound access-list to allow telnet access which works. I then added another entry fro tftp and no joy. I then added the same entry to my Inbound access-list and still nothing. Here are te pertanent bits of my list.


access-list Outbound extended permit tcp host host eq telnet
access-list Outbound extended permit tcp host host eq 69


access-list Inbound extended permit tcp host host eq 69

Any ideas? Thanks.
Question by:MrPrince
  • 4
  • 3

Expert Comment

ID: 20357494
What are you trying to do?  Backup your router config?  Update the IOS?


Author Comment

ID: 20357819
Backup the config at this stage.

Expert Comment

ID: 20357917
In that case, you would be initiating the TFTP from the router, correct?  Make sure you have a route statement in the router that lets it know to route traffic destined for your internal ranges back to the pix.  What do your route statements look like in the PIX and in the router?
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.


Author Comment

ID: 20358227
My tftp client is on my desktop machine ( and is initiated from there. I have routes to my perimimeter router and back all sown up, traffic passes properly. I'm sure this is a access-list problem. I can use my tftp client to pull the config from my pix no problem.

Author Comment

ID: 20394949

Accepted Solution

lcit earned 100 total points
ID: 20395051
I'm sorry, but I've never initiated a TFTP session to ANY Cisco device from the client.  It's always been from the device.  Here's a link explaining the device initiated method.  Give it a shot and see if that works.

Author Comment

ID: 20428779
Thanks for the help.

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
MiTM SSH session on a Cisco device talking TACACS+ 1 58
Cisco Sup720 Migrate to Sup2T 5 55
Wireless antenna advice/design 6 48
Cisco IP NAT Translation not working 9 26
Cisco Pix/ASA hairpinning The term, hairpinning, comes from the fact that the traffic comes from one source into a router or similar device, makes a U-turn, and goes back the same way it came. Visualize this and you will see something that looks …
Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
This is a video describing the growing solar energy use in Utah. This is a topic that greatly interests me and so I decided to produce a video about it.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now