pix question regarding configs and tftp

is there a pix equivalent to the router IOS command "copy tftp start"? v.6.3(4)

it seems that you can't tftp a config *to* the pix, only *from* the pix. am i wrong?

TIA

Reply to
John Smith

:-) you are wrong

enable-mode
config terminal
config net tftp-srvaddr:path

See online-help:
pixfirewall(config)# conf net ?
Usage: configure [terminal|floppy|memory]
configure \ http[s]://[:@][:]/
configure net []:[]
configure factory-default [ []]
clear configure [primary|secondary|all]

Mathias

John Smith wrote:

Reply to
Mathias Gaertner

Reply to
John Smith

In article , John Smith wrote:
:is there a pix equivalent to the router IOS command "copy tftp start"?
:v.6.3(4)

No.

:it seems that you can't tftp a config *to* the pix, only *from* the pix.
:am i wrong?

In PIX thru 6.x, there is only the equivalent of "copy tftp running". That is, you can tftp something in, but as it gets tftp'd, it will *line by line* get processed and make changes -- and if those changes happen to clobber the link to the tftp server, you only have until the end of the current tftp block (512 byte boundaries) to get the link re-established or your session is gone.

You should see the hoops I've had to jump through to tftp in a new configuration from a remote server over a VPN link. (I don't have access to systems at the remote end to temporarily store the configuration on for non-VPN access, and the ISP-equivalent blocks plain tftp so I can't just turn off the VPN link long enough to upload the new config... I have to keep the VPN stable while I change it!)

Reply to
Walter Roberson
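
The block arithmetic behind the warning above, as an added example that is not part of the original post: it maps each line of a configuration file to the 512-byte TFTP data block it completes in and lists the following lines that arrive in that same block. The command prefixes, the sample configuration and the assumption that the file is sent byte-for-byte (octet mode) are illustrative.

```python
BLOCK = 512  # TFTP data block size quoted in the post

# Assumption: command prefixes the operator considers able to break the
# path to the TFTP server; adjust for the device being changed.
RISKY_PREFIXES = ("ip address", "route ", "crypto map", "isakmp ", "interface ")

def plan(config: bytes, risky=RISKY_PREFIXES):
    """For each risky line, report the block it completes in and the
    following lines that are fully received in that same block."""
    lines, offset = [], 0
    for raw in config.splitlines(keepends=True):
        end = offset + len(raw)
        lines.append((end, raw.decode("ascii", "replace").strip()))
        offset = end
    report = []
    for i, (end, text) in enumerate(lines):
        if not text.startswith(tuple(risky)):
            continue
        block = (end - 1) // BLOCK        # block holding the line's last byte
        block_end = (block + 1) * BLOCK   # last byte already in hand
        # Lines that end inside the same block do not need another packet.
        in_hand = [t for (e, t) in lines[i + 1:] if e <= block_end]
        report.append({
            "line": i + 1,
            "command": text,
            "block": block + 1,
            "bytes_left_in_block": block_end - end,
            "still_applied": in_hand,
        })
    return report

# Constructed sample configuration (not taken from a real device).
SAMPLE = (
    b"access-list 101 permit ip any any\n" * 13
    + b"route outside 0.0.0.0 0.0.0.0 192.0.2.1\n"
    + b"mtu outside 1500\n"
    + b"sysopt connection permit-ipsec\n"
)

if __name__ == "__main__":
    for entry in plan(SAMPLE):
        print(entry)
```

Any command needed to bring the link back has to appear in `still_applied` for the risky line it follows; otherwise it sits in a block that can only arrive over the link that was just changed.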

what version of tftp is being used? I am trying to tftp from a server attached to the pix console port. i am using tftpd32. I can not seem to get the config from the pix to the server, much less get the path/filename correct.

Any help with that?

Reply to
d8da

In article , d8da wrote:
:what version of tftp is being used? I am trying to tftp from a server
:attached to the pix console port.

Do you mean that literally? The PIX console port is a serial port *only*. You have to attach to one of the ethernet interfaces, and you have to give the interface an IP address and subnet, and you have to configure the 'tftp-server' command (if you know the shortcuts you can skip that step -provided- your server is connected to the 'inside' interface.)

Reply to
Walter Roberson

no, I am connected from the PIX to my server via the blue cable that connects to the server serial port. this is how I get to the pdm. And from the pdm I set the IP of the server 192.168.0.3 and the path, c:\tools\tftp. But when I use the PDM to save the config, it gives me access denied messages. How am I supposed to set the correct path and filename?

Reply to
d8da

In article , d8da wrote:
:c:\tools\tftp. But when I use the PDM to save the config, it gives me
:access denied messages. How am I supposed to set the correct path and
:filename?

It is common (but not universal) that tftp daemons require that the destination filename exist before it will allow writing to the file. This is a security measure.

Also, tftp daemons only allow writing to directories they have been configured to allow writing to.

I am not familiar with your particular tftp daemon, so I do not know what specific steps are needed to configure it.

Reply to
Walter Roberson
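
The two server-side write checks described above, as an added example that is not part of the original post and is not the code of any TFTP server named in this thread: it parses a write request (RFC 1350 opcode 2), confines the destination to a configured upload directory, and optionally requires the file to exist already. The function names, the leading-slash mapping and the sample file names are assumptions.

```python
import os
import struct
import tempfile

OP_WRQ = 2  # RFC 1350 opcode for a write request

def parse_wrq(packet: bytes):
    """Return (filename, mode) from a WRQ packet, or raise ValueError."""
    if len(packet) < 4 or struct.unpack("!H", packet[:2])[0] != OP_WRQ:
        raise ValueError("not a write request")
    parts = packet[2:].split(b"\x00")
    if len(parts) < 3 or not parts[0]:
        raise ValueError("malformed request")
    return parts[0].decode("ascii"), parts[1].decode("ascii").lower()

def resolve_upload(root: str, packet: bytes, require_existing: bool = True) -> str:
    """Map the requested name into root and apply both write checks."""
    name, _mode = parse_wrq(packet)
    # Assumption: a leading slash means "relative to the upload directory".
    rel = name.replace("\\", "/").lstrip("/")
    if not rel:
        raise PermissionError("access denied: empty file name")
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, rel))
    # Check 1: the resolved path must stay inside the configured directory.
    if os.path.commonpath([root_real, target]) != root_real:
        raise PermissionError("access denied: outside upload directory")
    # Check 2: refuse to create new files unless the operator allows it.
    if require_existing and not os.path.isfile(target):
        raise PermissionError("access denied: destination file must already exist")
    return target

def demo():
    """Run three constructed requests against a temporary upload directory."""
    def wrq(name):
        return struct.pack("!H", OP_WRQ) + name.encode() + b"\x00octet\x00"
    results = {}
    with tempfile.TemporaryDirectory() as root:
        open(os.path.join(root, "ConfigFile.txt"), "w").close()  # pre-created
        for name in ("/ConfigFile.txt", "/new.txt", "../outside.txt"):
            try:
                resolve_upload(root, wrq(name))
                results[name] = "allowed"
            except PermissionError as exc:
                results[name] = str(exc)
    return results
```

With `require_existing=True`, pre-creating an empty destination file in the upload directory is enough for the write to be accepted, while the directory confinement stays in force either way.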

Thanks for the reply. Can you send the exact tftp server you use and the commands? Please?

Reply to
d8da

In article , d8da wrote:
:Thanks for the reply. Can you send the exact tftp server you use and
:the commands? Please?

The only tftp servers that I have had experience with on Windows have been:

- the one with AT&T's "UWin" project

- (very recently) SolarWinds TFTP.

The SolarWinds TFTP is not starting itself automatically properly, sometimes freezes up, and sometimes thinks that it is already running when it is not, requiring a reboot to restore functionality. On the other hand, it does not require that the destination file be already present.

For the SolarWinds product, I could not, within a reasonable amount of time, determine how to remotely specify an exact destination the way I am accustomed to for Unix systems. What I ended up doing on the PIX was using a destination file name starting with a single forward-slash, which the SolarWinds product automatically translated into its pre-configured destination directory (C:\PIX in our setup.)

tftp-server inside WindowsHostIP /ConfigFile.txt

then write net would write to C:\PIX\ConfigFile.txt

Reply to
Walter Roberson

Thank you for your efforts. I also resolved the problem using tftpd32 by changing the tftp security settings to "none". Since I was on the phone with Cisco for a PDM issue, he also helped me out.

I appreciate it! Have a great weekend.

Reply to
d8da
