RE: TFTP "inbound"...
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 20 Dec 2005 22:43:35 -0800
Your PF log says "allowed" - I don't see a problem here?
Do you have any entries between the PIX and the ISA that say "blocked"?
What does the FW log say about that traffic?
--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
--------------------------------------------
-----Original Message-----
From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx]
Sent: Tuesday, December 20, 2005 10:14 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] TFTP "inbound"...
http://www.ISAserver.org
Hi there
I have a PIX firewall on my outside interface of the ISA firewall, and
am
trying to enable the PIX to TFTP "in" to a server inside my network, and
fetch firmware updates etc.
As I have it, TFTP works on TCP69, but I can't quite get this problem
solved. Not quite sure if secondary connections are required etc.
What I have done so far is to publish the TFTP server on my ISA
Firewall,
using a TFTP protocol definition that looks like this:
Port: 69
Protocol: UDP
Direction: ReceiveSend
What I can see is that when I enable the "Log Allow packets" on my
Packet
Filter service, I can then see the inbound request to my ISA Firewall,
thus
implying the request from the PIX firewall is definitely getting to my
ISA.
Here is the excerpt from my Packet Filter log:
12/20/2005, 16:28:06, <PIX IP>, <ISA External IP>, Udp, 12345, 69, -,
ALLOWED, <ISA External IP>, -, -
Can someone please offer some advice on how to resolve this?
Thanks
William R.
---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official
business of Columbus Stainless is proprietary to the company. It is
confidential, legally privileged and protected by law. Columbus
Stainless does not own and endorse any other content. Views and
opinions are those of the sender unless clearly stated as being that
of Columbus Stainless. The person addressed in the e-mail is the sole
authorised recipient. Please notify the sender immediately if it has
unintentionally reached you and do not read, disclose or use the
content in any way. Whilst all reasonable steps are taken to ensure
the accuracy and integrity of information and data transmitted
electronically and to preserve the confidentiality thereof, no
liability or responsibility whatsoever is accepted if information or
data is, for whatever reason, corrupted or does not reach its intended
destination.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
Other related posts:
