cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
419
Views
10
Helpful
5
Replies
Highlighted
Beginner

Cannot SCP with ASA 5545X

Good Morning,

 

We have an ASA 5545X thats running 9.14(1). I am having a difficult time using scp to copy configs to my laptop. I have the scp server enabled on the ASA and keep getting errors.

 

I am trying to copy running configs from the ASA to my laptop using SolarWinds SCP Server. I can easily transfer switch configurations to the SCP Server with no problem, its just the ASA giving me fits.

 

Please see the attached screen shots of the ASA CLI and Wireshark. Right now I am directly connected from ASA 1.1.1.1 to my laptop 1.1.1.2.

5 REPLIES 5
Highlighted
VIP Advocate

 

 (btw there are no screenshots). - When you copy >to the laptop. You only need an scp server on the latter not the ASA, check it's logs (the laptop scp-server's logs). Check if you can find any useful info's.

 M.

Highlighted

I am not getting any FWL log entries that would help. I am gonna get a systems guy to come check workstation in the morning.

Highlighted

I am sorry I am just getting back to this...Here are the screen shots. I had a systems guy come restore windows firewall logs for more detail.

Highlighted

 

 -  From the first screenshot it seems that the solarwinds scp/ssh server does not allow too old ciphers , hence there is a mismatch (below you will find some articles which may help to relax settings at the solarwinds side). Another solution is to use a linux based ssh/scp sever destination which will probably be more flexible : 

         https://thwack.solarwinds.com/t5/SFTP-SCP-Server-Discussions/SSH-ciphers-on-SCP/m-p/345711

        https://support.solarwinds.com/SuccessCenter/s/article/How-to-force-SSH-V2-Only-and-disable-insecure-ciphers-in-Solarwinds-SFTP-server-and-NCM?language=en_US

                          For the last one, try the reverse and relax settings, if applicable.

M.

         

Highlighted

Please see the attached firewall log. The ASA is 1.1.1.1 and my directly connected laptop is 1.1.1.2.

 

Thanks for the help and links!!!!

Content for Community-Ad