cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


1205
Views
10
Helpful
4
Replies
Beginner

Upgrade ASA over VPN via inside interface

Hello

I am trying to upgrade a Cisco ASA over an IPSEC VPN tunnel. My FTP server is on the remote side of the VPN tunnel but I am initiating connections from the inside interface of the firewall. I am currently managing the Firewall over the VPN via it's inside interface (using the management-access inside) command. When I try and update via FTP, the connection is going straight out the outside interface (and not across the VPN tunnel)

I have tried upgrading via TFTP but it keeps stopping randomly with (unspecified error) I normally upgrade via FTP though but it's not working in this instance.

Essentially what I am asking, is is there an equivalent command for FTP that there is for TFTP: tftp-server interface ip anyconnect

I need the connections to originate from the inside interface so they traverse the VPN. I am running 7.2.3

Thanks in advance.

4 REPLIES 4
Mentor

Upgrade ASA over VPN via inside interface

Hi,

I havent tested this myself other than in L2L VPN situations but would there be a possibility to add the actual VPN endpoint pubpic IP address in the VPN Client configurations and with that enable yourself to transfer files through the VPN Client connection?

Other options I would think would be

  • Simply using a host on the LAN for the update process. Both loading the image to the LAN computer and from there to the actual ASA
  • Host the file somewhere on the public network though I guess you would do this if you had a chance to host a publicly reachable server at your location? Could there be a chance to use a temporary portforward configuration at your local site to enable transfers?

I might be able to lab this at some point.

- Jouni

Beginner

Upgrade ASA over VPN via inside interface

Hi Jouni

Thanks a lot for all the suggestions, I do have the option of putting it on a public FTP server but I was looking at ways to do it over the VPN.

I will do some testing.

Thank you

Mark

Highlighted
Beginner

From the remote firewall, to

From the remote firewall, to specify the source interface, try this: 

 copy tftp://1.1.1.1/filename.bin;int=inside flash:

Here is where I got this:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa70/command/reference/cref_txt/c.html#wp1970383

Everyone's tags (1)
Beginner

Re: From the remote firewall, to

I know this is an old post, but this command does work. I was pulling my hair out trying to ftp new images to my ASAs over site-to-site VPNs; this did the trick! Thank you Dan Mullendore!
CreatePlease to create content
Content for Community-Ad
FusionCharts will render here