topic Also, I've tried the in Network Security

TFTP From INSIDE Interface (which is also being used as management)

csimpson78701 — Tue, 12 Mar 2019 05:37:18 GMT

I have moderate skills with 5500 series ASAs, so please read what I have tried before spending the time to respond. The ASA that this is regarding is running 8.2(4), and I do not run ASDM. Also, I'm attempting to upgrade these dinosaurs to more modern code. We have a ton of customized WebVPN content that I need to export--and I don't want to spend days copying and pasting from putty.

The organization I'm with now implemented their ASAs with the "inside" interface (security level 100) also being used as the management interface. I am trying to upload information from the inside interface to various hosts (for management, etc), but get "%Error writing tftp://x.x.x.x/filename (Access violation)" message every time. I've tried writable HTTP/FTP/TFTP and all result in the same error.I have absolutely verified that this is not an HTTP/FTP/TFTP server problem! This is a policy violation problem from the ASA itself.

I have created an access list similar to the following:

ASA-01(config)# access-list asa-to-inside extended permit ip host <inside interface IP> any

Also, have done the management-access inside

Can anyone help me figure out what I'm doing wrong? The bureaucracy around here prevents me from having a proper management cable run and connected to a security level 0 management interface.

On 7.1 there is a option in

Dennis Mink — Tue, 10 Mar 2015 21:57:36 GMT

On 7.1 there is a option in the asdm, where TFTP access is controlled. i.e. where a TFTP server can be configured. Device management>Management Access>TFTP client. have you configured this?

I'm on 8.2(4) and not using

csimpson78701 — Wed, 11 Mar 2015 00:18:00 GMT

I'm on 8.2(4) and not using ASDM.

Also, I've tried the

csimpson78701 — Wed, 11 Mar 2015 00:21:58 GMT

Also, I've tried the equivalent in CLI, this yields the same results. It seems that the inside interface does not want to allow this traffic, even though I've opened it up via ACL.

Also, I've tried the

csimpson78701 — Wed, 11 Mar 2015 00:22:17 GMT

Also, I've tried the equivalent in CLI, this yields the same results. It seems that the inside interface does not want to allow this traffic, even though I've opened it up via ACL.

Also, I've tried the

csimpson78701 — Wed, 11 Mar 2015 00:22:37 GMT

Also, I've tried the equivalent in CLI, this yields the same results. It seems that the inside interface does not want to allow this traffic, even though I've opened it up via ACL.

Please don't bite my head off

Jon Marshall — Wed, 11 Mar 2015 01:47:57 GMT

Please don't bite my head off but are you absolutely sure that the TFTP server is okay.

As far as I know the ASA doesn't care where you tftp from and you certainly don't need an acl because that only controls traffic through the ASA not from it.

Have you tried creating the filename on the TFTP server and making sure the permissions are correct ?

Like I say, I appreciate what you are saying but I can't think of anything on the ASA you have to modify to get this working.

Jon