I have a site-to-site VPN configured between two ASA 5520s. I have a TFTP server behind ASA1, with an IP of 172.16.1.1 on the "inside" network. I'd like to be able to copy the running config of ASA2 through the VPN to 172.16.1.1, but am unable to do so. I can hit the TFTP server from a machine on the "inside" network of ASA2. Is there a way that I can tell ASA2 to make the TFTP connection from the "inside" network of ASA2, or is there a better solution to this?
Cisco – Making an ASA TFTP backup through VPN
Best Answer
Assuming you're using the 'copy' command on the ASA to initiate the transfer, it should be possible to specify the interface whose IP you want the TFTP client (ASA2) to use (in this case, originating from the 'inside' interface so that it matches the relevant ACLs).
Have a look at the syntax: http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/c.html#wp1970383
It's likely you'll need to issue the command as:
ASA2# copy running-config tftp://[user[:password]@]server[:port]/[path/]filename[;int=interface_name]
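The command syntax above filled in for the setup in the question, as an added example that is not part of the original answer. The filename asa2-running.cfg is a constructed placeholder, and the management-access step is an assumption not stated on the page (it is the ASA setting that lets the inside interface be used for management traffic across an IPsec tunnel).

```cisco
! Run on ASA2. 172.16.1.1 and the interface name "inside" come from the
! question; the filename is a constructed placeholder.

! Assumption, not from the answer: allow the inside interface to be used
! for management traffic that crosses the VPN tunnel.
ASA2# configure terminal
ASA2(config)# management-access inside
ASA2(config)# end

! Source the TFTP transfer from the inside interface so that the traffic
! matches the ACLs protecting the site-to-site tunnel.
ASA2# copy running-config tftp://172.16.1.1/asa2-running.cfg;int=inside

! Confirm the transfer used the tunnel: the encaps/decaps packet counters
! for the ASA1 peer should be higher after the copy than before it.
ASA2# show crypto ipsec sa
```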