Posted by Walter Roberson on May 28, 2006, 1:05 pm
>I have about 13 PIX 506e's that I use to create VPN tunnels back to my
>515e. I would like to place a TFTP server on my home network and then
>use the write net command at each of the 506e's to write back to one
>TFTP server. I understand that the Write Net command tries to use
>interface 1 and that is fine.
No, "write net" uses the interface named in the tftp-server command.
>I can write the file to local TFTP
>servers but I do not want to use 14 different TFTP servers if I can
>avoid it. When I try to write to any TFTP server other than the one on
>the local network I get a Timed out attempting to connect. I cannot
>ping the home TFTP server from the other firewall either so I think I
>have a connectivity problem from the firewall.
You might not have configured "icmp permit echo-reply outside".
Also, be aware that some ISPs block tftp -- and you don't really want
to be tftp'ing a configuration (complete with passwords) in
cleartext over the public internet. Probably what you want to do is
extend your VPN tunnels to include the outside interface of the
PIXes.