Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1783
Views
10
Helpful
5
Replies

Cannot SCP with ASA 5545X

TW80CJ5
Level 3
Level 3

‎10-26-2020 06:28 AM - edited ‎10-26-2020 06:56 AM

Good Morning,

 

We have an ASA 5545X thats running 9.14(1). I am having a difficult time using scp to copy configs to my laptop. I have the scp server enabled on the ASA and keep getting errors.

 

I am trying to copy running configs from the ASA to my laptop using SolarWinds SCP Server. I can easily transfer switch configurations to the SCP Server with no problem, its just the ASA giving me fits.

 

Please see the attached screen shots of the ASA CLI and Wireshark. Right now I am directly connected from ASA 1.1.1.1 to my laptop 1.1.1.2.

Labels:
0 Helpful
5 Replies 5

marce1000
VIP
VIP

‎10-26-2020 08:34 AM

 

 (btw there are no screenshots). - When you copy >to the laptop. You only need an scp server on the latter not the ASA, check it's logs (the laptop scp-server's logs). Check if you can find any useful info's.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

TW80CJ5
Level 3
Level 3
In response to marce1000

‎10-26-2020 02:30 PM

I am not getting any FWL log entries that would help. I am gonna get a systems guy to come check workstation in the morning.

0 Helpful

TW80CJ5
Level 3
Level 3
In response to marce1000

‎10-29-2020 05:00 AM

I am sorry I am just getting back to this...Here are the screen shots. I had a systems guy come restore windows firewall logs for more detail.

Preview file
41 KB
Preview file
62 KB
Preview file
47 KB
0 Helpful

marce1000
VIP
VIP
In response to TW80CJ5

‎10-29-2020 07:09 AM

 

 -  From the first screenshot it seems that the solarwinds scp/ssh server does not allow too old ciphers , hence there is a mismatch (below you will find some articles which may help to relax settings at the solarwinds side). Another solution is to use a linux based ssh/scp sever destination which will probably be more flexible : 

         https://thwack.solarwinds.com/t5/SFTP-SCP-Server-Discussions/SSH-ciphers-on-SCP/m-p/345711

        https://support.solarwinds.com/SuccessCenter/s/article/How-to-force-SSH-V2-Only-and-disable-insecure-ciphers-in-Solarwinds-SFTP-server-and-NCM?language=en_US

                          For the last one, try the reverse and relax settings, if applicable.

M.

         



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

TW80CJ5
Level 3
Level 3
In response to marce1000

‎10-30-2020 09:08 AM

Please see the attached firewall log. The ASA is 1.1.1.1 and my directly connected laptop is 1.1.1.2.

 

Thanks for the help and links!!!!

Preview file
1 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents