
I am trying to set up a device with GNS3 using my company's cloud site, and I am blocked by the tftp service.

First of all, here are 2 Cloud Instances I have generated on this cloud site. As listed in this chart, "Basement" and "US-237". Both instances have an internal IP, 10.31.1.97 or 10.31.1.116 respectively, and both have a "floating IP", 10.96.131.107 or 10.96.128.81 respectively. This Cloud Site is built somewhere in Canada, and if I were to ssh to those instances from the US, which is where I am, I have to use the floating IP address to make the connection.

On this "Basement" host, I have started a tftp service which is trying to provide the device license file to any incoming calls. I have checked that this tftp service is up and running OK.

On this "US-237" host side, I have created a basic gns3 project as such:

Which has the diagram of: Cloud <--> Cisco Router <--> Switch <--> X-1, which is my device.

From the device console, I was able to ping this "Basement" with its regular IP or its floating IP address. But if I try to tftp a file from "Basement" to my device, it times out completely. Here is the log message on my device side:

 # execute ping 10.31.1.97
PING 10.31.1.97 (10.31.1.97): 56 data bytes
64 bytes from 10.31.1.97: seq=0 ttl=62 time=13.664 ms
64 bytes from 10.31.1.97: seq=1 ttl=62 time=20.204 ms
64 bytes from 10.31.1.97: seq=2 ttl=62 time=16.804 ms

--- 10.31.1.97 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 13.664/16.890/20.204 ms

 # execute ping 10.96.131.107
PING 10.96.131.107 (10.96.131.107): 56 data bytes
64 bytes from 10.96.131.107: seq=0 ttl=61 time=16.563 ms
64 bytes from 10.96.131.107: seq=1 ttl=61 time=13.185 ms
64 bytes from 10.96.131.107: seq=2 ttl=61 time=19.592 ms

--- 10.96.131.107 ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 12.893/16.421/19.937 ms
 #
 #
 # execute bios get 10.96.131.107 FX200FTQ2109C2EL.rom
tftp: timeout
Get BIOS file failed...
 #
 # execute bios get 10.31.1.97 FX200FTQ2109C2EL.rom
tftp: timeout
Get BIOS file failed...

In parallel, when I run tcpdump on the Basement side, I see these messages during the 10.96.131.107 tftp session:

18:06:12.999230 IP basement.43620 > oak.fortinet.com.domain: 50389+ [1au] PTR? 6.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa. (101)
18:06:13.008726 IP oak.fortinet.com.domain > basement.43620: 50389 NXDomain 0/1/1 (165)
18:06:13.008814 IP basement.43620 > oak.fortinet.com.domain: 50389+ PTR? 6.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa. (90)
18:06:13.017780 IP oak.fortinet.com.domain > basement.43620: 50389 NXDomain 0/1/0 (154)
18:06:24.459591 IP 10.96.128.81.15987 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:24.460896 IP basement.47531 > 10.96.128.81.15987: UDP, length 516
18:06:24.461240 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 15987 unreachable, length 552
18:06:24.560211 IP 10.96.128.81.58208 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:24.561319 IP basement.51987 > 10.96.128.81.58208: UDP, length 516
18:06:24.561699 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 58208 unreachable, length 552
18:06:24.711391 IP 10.96.128.81.35729 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:24.712479 IP basement.55350 > 10.96.128.81.35729: UDP, length 516
18:06:24.712903 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 35729 unreachable, length 552
18:06:24.933100 IP 10.96.128.81.39247 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:24.934302 IP basement.37528 > 10.96.128.81.39247: UDP, length 516
18:06:24.934705 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 39247 unreachable, length 552
18:06:25.275542 IP 10.96.128.81.9773 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:25.276742 IP basement.45751 > 10.96.128.81.9773: UDP, length 516
18:06:25.277079 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 9773 unreachable, length 552
18:06:25.290772 IP basement.39876 > oak.fortinet.com.domain: 17298+ [1au] PTR? 81.128.96.10.in-addr.arpa. (54)
18:06:25.300206 IP oak.fortinet.com.domain > basement.39876: 17298 NXDomain* 0/1/1 (112)
18:06:25.300270 IP basement.39876 > oak.fortinet.com.domain: 17298+ PTR? 81.128.96.10.in-addr.arpa. (43)
18:06:25.309278 IP oak.fortinet.com.domain > basement.39876: 17298 NXDomain* 0/1/0 (101)
18:06:25.779433 IP 10.96.128.81.14638 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:25.780690 IP basement.35264 > 10.96.128.81.14638: UDP, length 516
18:06:25.781101 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 14638 unreachable, length 552
18:06:26.535198 IP 10.96.128.81.45243 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:26.536514 IP basement.53291 > 10.96.128.81.45243: UDP, length 516
18:06:26.536920 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 45243 unreachable, length 552
18:06:27.674862 IP 10.96.128.81.36671 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:27.676230 IP basement.60873 > 10.96.128.81.36671: UDP, length 516
18:06:27.676614 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 36671 unreachable, length 552
18:06:29.377169 IP 10.96.128.81.29045 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:29.378533 IP basement.57606 > 10.96.128.81.29045: UDP, length 516
18:06:29.378909 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 29045 unreachable, length 552
18:06:29.460970 IP basement.47531 > 10.96.128.81.15987: UDP, length 516
18:06:29.461330 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 15987 unreachable, length 552
18:06:29.561398 IP basement.51987 > 10.96.128.81.58208: UDP, length 516
18:06:29.561777 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 58208 unreachable, length 552
18:06:29.712576 IP basement.55350 > 10.96.128.81.35729: UDP, length 516
18:06:29.934407 IP basement.37528 > 10.96.128.81.39247: UDP, length 516
18:06:30.276835 IP basement.45751 > 10.96.128.81.9773: UDP, length 516
18:06:30.780787 IP basement.35264 > 10.96.128.81.14638: UDP, length 516
18:06:30.781347 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 14638 unreachable, length 552
18:06:31.372015 IP 10.96.128.81.50479 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:31.373353 IP basement.44438 > 10.96.128.81.50479: UDP, length 516
18:06:31.536607 IP basement.53291 > 10.96.128.81.45243: UDP, length 516
18:06:31.537004 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 45243 unreachable, length 552
18:06:32.676350 IP basement.60873 > 10.96.128.81.36671: UDP, length 516
18:06:32.676923 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 36671 unreachable, length 552
18:06:33.376599 IP 10.96.128.81.37969 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:33.377870 IP basement.34325 > 10.96.128.81.37969: UDP, length 516
18:06:34.378646 IP basement.57606 > 10.96.128.81.29045: UDP, length 516
18:06:34.379157 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 29045 unreachable, length 552
18:06:34.461033 IP basement.47531 > 10.96.128.81.15987: UDP, length 516
18:06:34.461406 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 15987 unreachable, length 552
18:06:34.561478 IP basement.51987 > 10.96.128.81.58208: UDP, length 516
18:06:34.712653 IP basement.55350 > 10.96.128.81.35729: UDP, length 516
18:06:34.934504 IP basement.37528 > 10.96.128.81.39247: UDP, length 516
18:06:35.014468 ARP, Request who-has _gateway tell basement, length 28
18:06:35.014529 ARP, Reply _gateway is-at 02:50:56:56:44:52 (oui Unknown), length 46
18:06:35.276916 IP basement.45751 > 10.96.128.81.9773: UDP, length 516

And this during the 10.31.1.97 tftp session:

18:04:50.619282 IP 10.31.1.116.4507 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:04:50.620570 IP basement.35535 > 10.31.1.116.4507: UDP, length 516
18:04:50.620751 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
18:04:50.770201 IP 10.31.1.116.4507 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:04:50.771532 IP basement.35629 > 10.31.1.116.4507: UDP, length 516
18:04:50.771722 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
18:04:50.991547 IP 10.31.1.116.4507 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:04:50.992812 IP basement.59490 > 10.31.1.116.4507: UDP, length 516
18:04:50.993016 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
18:04:51.333577 IP 10.31.1.116.4507 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:04:51.334874 IP basement.34005 > 10.31.1.116.4507: UDP, length 516
18:04:51.335059 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
18:04:51.836528 IP 10.31.1.116.4507 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:04:51.837824 IP basement.39109 > 10.31.1.116.4507: UDP, length 516
18:04:51.837979 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
18:04:52.590960 IP 10.31.1.116.4507 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:04:52.592228 IP basement.46158 > 10.31.1.116.4507: UDP, length 516
18:04:52.592441 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
18:04:53.727449 IP 10.31.1.116.4507 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:04:53.728740 IP basement.56210 > 10.31.1.116.4507: UDP, length 516
18:04:53.728924 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
18:04:55.437455 IP 10.31.1.116.4507 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:04:55.438751 IP basement.33467 > 10.31.1.116.4507: UDP, length 516
18:04:55.438980 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
18:04:55.520253 IP basement.55033 > 10.31.1.116.4507: UDP, length 516
18:04:55.520420 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
18:04:55.620629 IP basement.35535 > 10.31.1.116.4507: UDP, length 516
18:04:55.620843 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
18:04:55.686462 ARP, Request who-has 10.31.1.116 tell basement, length 28
18:04:55.686681 ARP, Reply 10.31.1.116 is-at fa:16:53:2d:76:99 (oui Unknown), length 46
18:04:55.695870 ARP, Request who-has basement tell 10.31.1.116, length 46
18:04:55.695875 ARP, Reply basement is-at fa:16:53:6e:cf:9d (oui Unknown), length 28
18:04:55.771612 IP basement.35629 > 10.31.1.116.4507: UDP, length 516
18:04:55.992903 IP basement.59490 > 10.31.1.116.4507: UDP, length 516
18:04:56.334979 IP basement.34005 > 10.31.1.116.4507: UDP, length 516
18:04:56.837928 IP basement.39109 > 10.31.1.116.4507: UDP, length 516
18:04:56.838158 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552

Does anyone know what is going on?

Thanks in advance for any tips!

Jack

user3595231
  • Seems like your ports are closed. You might want to ssh in to the connecting server and try using netcat to see if the ports are open on the destination server. I'm not familiar with tftp specifically, but there is likely a way to open ports. – Michael Davidson Mar 31 '22 at 19:06
  • TFTP is using UDP port 69. I think it is open, and I was able to tftp files from the "US-237" level. My X-1 device is running above the "US-237" level, and tftp times out at that level. It seems the request reaches the "Basement" server, but never returns back. – user3595231 Mar 31 '22 at 20:44
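
An added example, not part of the original question or its comments: a Python script that groups tcpdump lines like those in the captures above into TFTP transfers and reports how each one ended. It relies on standard TFTP behaviour (RFC 1350), where the server answers a read request from a newly chosen UDP port rather than port 69, which is what the capture shows; the regexes, the function names `analyze` and `verdict`, and the shortened `SAMPLE` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: five lines in the shape of the capture in the question.
SAMPLE = """\
18:06:24.459591 IP 10.96.128.81.15987 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:24.460896 IP basement.47531 > 10.96.128.81.15987: UDP, length 516
18:06:24.461240 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 15987 unreachable, length 552
18:06:31.372015 IP 10.96.128.81.50479 > basement.tftp:  37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:31.373353 IP basement.44438 > 10.96.128.81.50479: UDP, length 516
"""

RRQ = re.compile(r'IP (\S+)\.(\d+) > (\S+)\.tftp:\s+\d+ RRQ "([^"]+)"')
DATA = re.compile(r'IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP, length (\d+)')
UNREACH = re.compile(r'IP (\S+) > (\S+): ICMP \S+ udp port (\d+) unreachable')

def analyze(capture):
    """Group tcpdump lines into TFTP transfers keyed by (client, client_port)."""
    flows = defaultdict(lambda: {"file": None, "rrq": 0,
                                 "server_ports": set(), "unreachable": 0})
    for line in capture.splitlines():
        if m := RRQ.search(line):
            flow = flows[(m[1], int(m[2]))]
            flow["file"], flow["rrq"] = m[4], flow["rrq"] + 1
        elif m := UNREACH.search(line):
            # The ICMP error comes from the client-side address and names its port.
            flow = flows.get((m[1], int(m[3])))
            if flow:
                flow["unreachable"] += 1
        elif m := DATA.search(line):
            # Server reply: source port is the server's per-transfer port, not 69.
            flow = flows.get((m[3], int(m[4])))
            if flow:
                flow["server_ports"].add(int(m[2]))
    return dict(flows)

def verdict(flow):
    """Classify one transfer from the server's point of view."""
    if not flow["server_ports"]:
        return "no-reply"              # RRQ seen, server never answered
    if flow["unreachable"]:
        return "reply-rejected"        # reply sent, ICMP port unreachable came back
    return "reply-unacknowledged"      # reply sent, nothing came back in the capture

if __name__ == "__main__":
    for (client, port), flow in analyze(SAMPLE).items():
        print(client, port, sorted(flow["server_ports"]), verdict(flow))
```
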
