Re: [fw-wiz] firewall-wizards Digest, Vol 10, Issue 9

One of the problems we had was that TFTP can be both UDP and TCP. When
VOIP was initiated (we run phones on remote sites through our VPNs for
config) we had the problems you described; it was not until we noted our
illustrious new firewall admin had opened TCP 69 and not UDP 69. Once
that was opened to the remote networks, everything started to work fine.
Our firewall logs show that the Cisco & Mitel phones all were trying to
pull on UDP 69.

I have tried that. The reason we are using TFTP is for our VOIP phones
to pull down the config setting upon reboot.

Overall I prefer SCP or SFTP, but in this case it's not available.

Akash Rao wrote:

It is tough to know what might be wrong without checking the logs of
firewalls. I hope you have tried to telnet to the tftp server on port
(default port for tftp) from a client in remote lan and confirmed that
the tftp server is running. Now, try the same test with a client in
lan" and confirm the same.

On a separate note, I would suggest using scp or sftp rather than tftp
to transfer files, since these are more secure.



On 2/10/07, Craig Van Tassle <craig@xxxxxxxxxxxxx> wrote:

I have a couple of remote sites that are using Cisco firewalls for
Lan-Lan vpn. I have all the proper rules so I can remote connect to
servers on the other side, and ping works fine. However I'm trying to
use something like tftp over from my lan to the remote lan. It does not
seem to work. Any ideas?
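
A check that exercises the path the phones actually use, as an added example that is not part of the original thread: the firewall logs in the first message show the phones pulling on UDP 69, while a telnet test only opens a TCP connection. The host address and file name below are placeholders, not values from the thread.

```python
import socket
import struct

# TFTP opcodes from RFC 1350
RRQ, DATA, ERROR = 1, 3, 5

def build_rrq(filename, mode="octet"):
    """Read request: 2-byte opcode, then NUL-terminated filename and mode."""
    return struct.pack("!H", RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def parse_reply(packet):
    """Classify a server reply; either DATA or ERROR proves the UDP path works."""
    if len(packet) < 4:
        return ("malformed", None)
    opcode, value = struct.unpack("!HH", packet[:4])
    if opcode == DATA:
        return ("data", value)  # value is the block number
    if opcode == ERROR:
        msg = packet[4:].split(b"\0", 1)[0].decode(errors="replace")
        return ("error", f"{value}: {msg}")  # value is the TFTP error code
    return ("unexpected", opcode)

def probe(host, filename, port=69, timeout=3.0):
    """Send one RRQ over UDP and report what came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_rrq(filename), (host, port))
            # The server answers from a new ephemeral port (its transfer ID),
            # not from 69, so the socket stays unconnected and the firewall
            # must also let that return traffic through.
            packet, _peer = s.recvfrom(516)
        except socket.timeout:
            return ("no-reply", None)  # dropped by a filter, or no server
        except OSError as exc:
            return ("unreachable", str(exc))
    return parse_reply(packet)

if __name__ == "__main__":
    # Placeholder target and file name (assumptions for illustration).
    print(probe("192.0.2.10", "phone.cfg"))
```

A "no-reply" result from the remote LAN alongside a "data" or "error" result from the local LAN points at filtering on the path rather than at the TFTP server.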