[Config] PIX 501 fixup to ASA-5505

I have a Cisco PIX 500 Firewall Version 6.3(5) with the following fixups:

fixup protocol tftp 69
fixup protocol tftp 2000
fixup protocol tftp 2427
fixup protocol tftp 5060
fixup protocol tftp 6000

I'm replacing the PIX with an ASA 5505. How do I add these tftp ports to the Cisco ASA-5505 inspect tftp? Thanks

ASA replaced 'fixup' with MPF / 'inspect.' If you're using TFTP on the standard port, it's just
inspect tftp
You could do the rest as follows
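! A class-map accepts a single match command, so list the ports in an ACL
access-list [acl-name] extended permit udp any any eq 2000
access-list [acl-name] extended permit udp any any eq 2427
access-list [acl-name] extended permit udp any any eq 5060
access-list [acl-name] extended permit udp any any eq 6000
class-map [class-map-name]
match access-list [acl-name]
policy-map [policy-map-name]
class [class-map-name]
inspect tftp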
Then attach [policy-map-name] to the default service policy
Regards

reply to HELLFIRE
Thanks, let me try that. I'm not really familiar with Cisco commands. How do I attach the policy map to the default service policy at the config prompt? Inspect tftp is on by default. Will read some more.

reply to theinmoe
service-policy [policy-map-name] interface [inside | outside]
Try this config script
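config t
! TFTP on the standard port: inspection_default lives in the default global policy
policy-map global_policy
class inspection_default
inspect tftp
exit
exit
! A class-map accepts a single match command, so list the extra ports in an ACL
access-list TFTP_NONSTANDARD_ACL extended permit udp any any eq 2000
access-list TFTP_NONSTANDARD_ACL extended permit udp any any eq 2427
access-list TFTP_NONSTANDARD_ACL extended permit udp any any eq 5060
access-list TFTP_NONSTANDARD_ACL extended permit udp any any eq 6000
class-map TFTP_NONSTANDARD
match access-list TFTP_NONSTANDARD_ACL
exit
policy-map MyPolicy
class TFTP_NONSTANDARD
inspect tftp
exit
exit
service-policy MyPolicy interface inside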
Regards
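
The migration discussed in this thread, as an added Python example (not code from the thread or from Cisco): it reads PIX `fixup protocol tftp` lines and emits ASA MPF commands, putting non-standard ports in an ACL because an ASA class-map accepts a single match command. `global_policy` and `inspection_default` are the ASA defaults; `convert_fixups`, the `KNOWN` table and the `_ACL` name suffix are assumptions made for the example.

```python
import re

# name -> (transport, port the ASA's default inspection class already matches).
# Only tftp, the protocol in this thread, is listed.
KNOWN = {"tftp": ("udp", 69)}
FIXUP = re.compile(r"^\s*fixup\s+protocol\s+(\S+)\s+(\S+)\s*$")


def convert_fixups(pix_config, policy="MyPolicy", interface="inside"):
    """Return (asa_commands, skipped_lines) for PIX 'fixup protocol' lines."""
    default_on, extra, skipped = {}, {}, []
    for line in pix_config.splitlines():
        m = FIXUP.match(line)
        if not m:
            continue  # not a fixup line
        proto, port = m.groups()
        if proto not in KNOWN or not port.isdecimal() or not 0 < int(port) < 65536:
            skipped.append(line.strip())  # unknown protocol, port range, bad port
        elif int(port) == KNOWN[proto][1]:
            default_on[proto] = True  # standard port: default class covers it
        elif int(port) not in extra.setdefault(proto, []):
            extra[proto].append(int(port))  # de-duplicated, order preserved
    cmds = []
    if default_on:
        cmds += ["policy-map global_policy", "class inspection_default"]
        cmds += [f"inspect {p}" for p in default_on] + ["exit", "exit"]
    for proto, ports in extra.items():
        name = f"{proto.upper()}_NONSTANDARD"
        # One ACE per port, then a single "match access-list" in the class-map.
        cmds += [f"access-list {name}_ACL extended permit "
                 f"{KNOWN[proto][0]} any any eq {p}" for p in ports]
        cmds += [f"class-map {name}", f"match access-list {name}_ACL", "exit"]
    if extra:
        cmds.append(f"policy-map {policy}")
        for proto in extra:
            cmds += [f"class {proto.upper()}_NONSTANDARD", f"inspect {proto}", "exit"]
        cmds += ["exit", f"service-policy {policy} interface {interface}"]
    return cmds, skipped


# Constructed sample: the five fixups from the question plus one port-range entry.
SAMPLE = "\n".join(f"fixup protocol tftp {p}"
                   for p in (69, 2000, 2427, 5060, 6000, "7000-7010"))

if __name__ == "__main__":
    commands, needs_review = convert_fixups(SAMPLE)
    print("\n".join(commands))
    print("! convert by hand:", needs_review)
```

Lines the converter cannot map to a single port are returned in the second list for manual review rather than being dropped.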