Re: [fw-wiz] TFTP over vpns
- From: "Mathew Want" <mathew.want@xxxxxxxxxx>
- Date: Mon, 19 Feb 2007 09:49:17 +1100
Craig,
I had an instance last week where we were trying to block the reply traffic
from a TFTP server with an ACL (the joys of an exercise in a Cisco course).
What the instructor found was that, in one of the RFCs (or similar tech doc),
some implementations of TFTP servers, although contacted on UDP/69,
answer on udp/XX69. This would get dropped by a firewall tracking the UDP
traffic as it would appear as a new connection rather than a reply to an
existing one.
Hope this helps.
M@
--
"Some things are eternal by nature,
others by consequence"
-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Craig
Van Tassle
Sent: Thursday, 15 February 2007 1:45 AM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] TFTP over vpns
I have tried that. The reason we are using TFTP is for our VOIP phones to
pull down the config setting upon reboot.
Overall I prefer SCP or SFTP but in this case it's not available.
Akash Rao wrote:
Craig,
It is tough to know what might be wrong without checking the logs of the
firewalls. I hope you have tried to telnet to the tftp server on port 69
(default port for tftp) from a client in remote lan and confirmed that
the tftp server is running. Now, try the same test with a client in "my
lan" and confirm the same.
On a separate note, I would suggest using scp or sftp rather than tftp
to transfer files, since these are more secure.
Cheers,
Akash
On 2/10/07, Craig Van Tassle <craig@xxxxxxxxxxxxx> wrote:
I have a couple of remote sites that are using Cisco firewalls for
Lan-Lan vpn.
I have all the proper rules for so I can remote connect to servers
on the other side, and ping works fine. However I'm trying to use
something like tftp over from my lan to the remote lan. It does not
seem to work. Any ideas?
Thanks
Craig
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
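
The behaviour discussed in this thread, as an added example that is not part of the original messages: under RFC 1350 a TFTP server answers a request sent to UDP/69 from a newly chosen source port (its transfer ID), so a filter that matches replies on the exact 5-tuple drops the first DATA packet. This Python toy model compares strict tracking with a TFTP-aware helper; the class names, addresses and ports are constructed, and it is not any firewall's API.

```python
# Added example: toy model of a stateful UDP filter (not a real firewall API).
from dataclasses import dataclass, field

TFTP_PORT = 69

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class StatefulUdpFilter:
    tftp_helper: bool = False
    flows: set = field(default_factory=set)         # exact reply tuples allowed
    expectations: set = field(default_factory=set)  # (server, client, client_port)

    def outbound(self, p: Pkt) -> None:
        """Inside client sends a packet: record the exact reply tuple."""
        self.flows.add((p.dst, p.dport, p.src, p.sport))
        if self.tftp_helper and p.dport == TFTP_PORT:
            # Helper: expect the server's answer from any source port (its TID).
            self.expectations.add((p.dst, p.src, p.sport))

    def inbound(self, p: Pkt) -> str:
        """Return 'ACCEPT' or 'DROP' for a packet arriving from outside."""
        if (p.src, p.sport, p.dst, p.dport) in self.flows:
            return "ACCEPT"
        exp = (p.src, p.dst, p.dport)
        if exp in self.expectations:
            # One-shot: promote the expectation to a normal tracked flow.
            self.expectations.discard(exp)
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return "ACCEPT"
        return "DROP"

def transfer(fw: StatefulUdpFilter, server_tid: int) -> list:
    """Constructed exchange: RRQ to port 69, then two DATA blocks from server_tid."""
    client, server, cport = "10.1.1.20", "10.2.2.5", 40001  # constructed values
    fw.outbound(Pkt(client, cport, server, TFTP_PORT))           # RRQ
    first = fw.inbound(Pkt(server, server_tid, client, cport))   # DATA block 1
    if first == "ACCEPT":  # the client only ACKs data it actually received
        fw.outbound(Pkt(client, cport, server, server_tid))      # ACK 1
    second = fw.inbound(Pkt(server, server_tid, client, cport))  # DATA block 2
    return [first, second]

if __name__ == "__main__":
    print("strict 5-tuple:", transfer(StatefulUdpFilter(), 51069))
    print("with helper   :", transfer(StatefulUdpFilter(tftp_helper=True), 51069))
```

The helper accepts only the server the request was sent to, on the client port that sent it, which is narrower than opening all high UDP ports toward the client.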