
Cisco ASA 5505 TFTP (Access Violation)

Matt S
Level 1

I am trying to send a new ASDM image to my Cisco ASA 5505 firewall. I have tftpd64 installed on Server 2008 R2 and the file I'm trying to send is in the same directory as the tftpd64, so it is accessible. The tftpd64 shows the IP of the server, security is set to none, and it is set to TFTP server (in settings under the GLOBAL tab).

On the Cisco ASA 5505 I have performed the following commands to give access to the TFTP server and copy the file:

cisco(config)# tftp-server inside 10.4.1.3 255.255.255.0

cisco(config)# copy tftp disk0:

Address or name of remote host [10.4.1.3]?

Source filename [255.255.255.0]? asdm-771.bin

Destination filename [asdm-771.bin]?

Accessing tftp://10.4.1.3/asdm-771.bin;int=inside...
%Error reading tftp://10.4.1.3/asdm-771.bin;int=inside (Access violation.)

I am not sure why I'm getting access violation. I was able to transfer the file from a remote machine through a VPN connection but the speeds are so slow it timed out at around 15%. This is why I decided to move the file to the remote server and then do a tftp transfer of the image file.



Richard Burts
Hall of Fame

Is it possible that Server 2008 R2 has security policy that restricts access to the directory where the file is?

In tftpd64 if you click on the list option do you see your asdm image listed?

HTH

Rick


In tftpd64 I click on Show Dir; I see the file, yes.

There are also no group policies in effect, and the Windows Firewall is off on the Server 2008 R2.

The file is located in C:\tftpd64\asdm-771.bin

Hello Matt,

Do you have 'management-access inside' configured? Can you post the config of the ASA?

I do have management-access-inside

I attached configurations in .txt

Hello Matt,

I am not sure about the 'allow-ssc-mgmt' command on your Vlan1 interface, as this would require the configuration line in bold as well (where 10.4.1.2/24 is an unused address from the Vlan 1 range; yours might be different):

interface Vlan1
nameif inside
security-level 100
allow-ssc-mgmt
management-only
ip address 10.4.1.1 255.255.255.0

hw-module module 1 ip 10.4.1.2 255.255.255.0 10.4.1.1

I am not sure where the config command management-only comes from (I do not see it in the config copy that I saw in the thread) and I am concerned about it. It would not allow data traffic to use this interface.

HTH

Rick


Georg - 

Thanks for your reply - 

Could you provide a little more detail as to what you mean? Doesn't the command you provided have to do with accessing the IDS module?

Thanks!

Hello,

As far as I remember, the 'allow-ssc-mgmt' command is used to provide access to an SSC (Security Services Card), which does not have any external interfaces. The corresponding 'hw-module' command is needed to provide access to the card through the IP address specified. I assume you have an SSC installed?

Thanks for confirming that the file is in the directory where tftpd64 is looking and confirming that there are no security policies on the server which would impact your copying the file.

I notice that all of your logging levels are set to critical. I would suggest changing (temporarily) to informational and then checking the logs as you attempt the file copy and see if there are any log messages that shed light on the problem.

HTH

Rick


Hello,

I think the file needs to exist in the directory, and you need to have authorization to overwrite it. Can you try to create the file with the exact file name in the destination directory?

cisco# mkdir disk0:/asdm-771.bin

Create directory filename [asdm-771.bin]?

Created dir disk0:/asdm-771.bin
cisco# sho flash
--#-- --length-- -----date/time------ path
151 2048 Feb 01 2017 10:26:47 asdm-771.bin
21 2048 Dec 30 2011 06:10:58 coredumpinfo
22 59 Mar 19 2015 15:01:48 coredumpinfo/coredump.cfg
10 2048 Dec 30 2011 06:40:08 log
20 2048 May 29 2012 07:15:04 crypto_archive
147 394148 May 17 2012 07:06:40 crypto_archive/crypto_eng0_arch_1.bin
148 394148 May 29 2012 07:15:04 crypto_archive/crypto_eng0_arch_2.bin
135 12105313 Dec 30 2011 06:42:50 csd_3.5.841-k9.pkg
136 2048 Dec 30 2011 06:42:52 sdesktop
150 1462 Dec 30 2011 06:42:52 sdesktop/data.xml
137 2857568 Dec 30 2011 06:42:52 anyconnect-wince-ARMv4I-2.4.1012-k9.pkg
138 38367184 Aug 01 2016 17:40:50 anyconnect-win-3.1.09013-k9.pkg
139 12370 Mar 19 2015 15:01:24 8_2_5_0_startup_cfg.sav
140 30486528 May 07 2015 18:52:42 asa923-4-k8.bin

128573440 bytes total (41824256 bytes free)
cisco# conf t
cisco(config)# copy tftp disk0:

Address or name of remote host [10.4.1.3]?

Source filename [255.255.255.0]? asdm-771.bin

Destination filename [asdm-771.bin]?

%Warning:There is a file already existing with this name
Do you want to over write? [confirm]

Accessing tftp://10.4.1.3/asdm-771.bin;int=inside...
%Error reading tftp://10.4.1.3/asdm-771.bin;int=inside (Access violation.)
cisco(config)#

Still unsuccessful 

This is most likely a permissions issue on the Server.  Any chance of trying to copy the file from a PC?

What does the log in tftpd64 say?

--

Please remember to select a correct answer and rate helpful posts


This is all the information the logs on the tftpd provide:

Connection received from 10.4.1.1 on port 51958 [31/01 16:46:35.054]
Read request for file <asdm-771.bin>. Mode octet [31/01 16:46:35.054]
Using local port 56989 [31/01 16:46:35.161]
Peer returns ERROR <> -> aborting transfer [31/01 16:46:35.559]

I will try to transfer from a PC and see if the results change.

Sure enough, as soon as I tried on PC, worked like a champ. Should have tried this hours ago. 

Any idea where or what permission would cause the access violation on a server as opposed to a workstation?
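
For reference when reading the tftpd64 log above ("Read request ... Mode octet", then "Peer returns ERROR"), here is an added example, not part of any post in this thread, that decodes TFTP datagrams using the opcodes and error codes defined in RFC 1350, where error code 2 is "Access violation". The function names and the two sample payloads are constructed for illustration; the empty error message in the second sample is an assumption based on the `<>` in the log line.

```python
import struct

# Opcodes and error codes as defined in RFC 1350.
OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}
ERROR_CODES = {
    0: "Not defined, see error message", 1: "File not found",
    2: "Access violation", 3: "Disk full or allocation exceeded",
    4: "Illegal TFTP operation", 5: "Unknown transfer ID",
    6: "File already exists", 7: "No such user",
}


def _cstrings(data, count):
    """Return the first `count` NUL-terminated strings in data."""
    parts = data.split(b"\x00")
    if len(parts) < count + 1:
        raise ValueError("truncated packet: missing NUL terminator")
    return [p.decode("ascii", errors="replace") for p in parts[:count]]


def decode_tftp(packet):
    """Decode the UDP payload of one TFTP datagram into a dict."""
    if len(packet) < 4:
        raise ValueError("shorter than the smallest TFTP packet")
    (opcode,) = struct.unpack("!H", packet[:2])
    kind = OPCODES.get(opcode)
    if kind is None:
        raise ValueError(f"unknown opcode {opcode}")
    body = packet[2:]
    if kind in ("RRQ", "WRQ"):  # filename NUL mode NUL
        filename, mode = _cstrings(body, 2)
        return {"type": kind, "filename": filename, "mode": mode.lower()}
    (number,) = struct.unpack("!H", body[:2])  # block number or error code
    if kind == "DATA":
        return {"type": kind, "block": number, "length": len(body) - 2}
    if kind == "ACK":
        return {"type": kind, "block": number}
    (message,) = _cstrings(body[2:], 1)  # ERROR: code, then message NUL
    return {"type": kind, "code": number, "message": message,
            "meaning": ERROR_CODES.get(number, "unknown")}


# Constructed sample payloads, not captured from the thread's network.
SAMPLE_RRQ = b"\x00\x01asdm-771.bin\x00octet\x00"
SAMPLE_ERROR = b"\x00\x05\x00\x02\x00"  # assumed: code 2, empty message

if __name__ == "__main__":
    print(decode_tftp(SAMPLE_RRQ), decode_tftp(SAMPLE_ERROR))
```

Run against the UDP payloads from a packet capture taken on the TFTP server, it shows which endpoint sent the ERROR packet and with which code.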
