08-05-2022 01:27 AM
Hi all
I need to do a reimage of an SFR module running on an ASA 5508 and part of the process requires the ASA to have anonymous FTP access to an FTP server across the network. To ensure the FTP access is in place before starting the upgrade process I tested it by attempting the download of a text file, the result of which was "Error opening ftp://ftp_server_ip_address/test.txt (Permission denied)".
The anonymous user is setup ok in the ftp server and has a mount point of "/" associated with folder C:\Filezilla_Root and there are no firewalls between this firewall and the FTP server. The only thing I can think of now is that the connection is being blocked by itself.
So the question is is are connections initiated from the ASA itself subject to its own firewall rules? I always thought not but any clarification would be appreciated.
Thanks
Phil.
08-05-2022 01:35 AM
- To verify you analysis . check the logs of the FTP server (too) , when the ftp attempt is made , check if anything is reported in there (if needed and or the ftp server supports it ,then turn on debugging)
M.
08-05-2022 04:21 AM - edited 08-05-2022 05:20 AM
https://www.oreilly.com/library/view/cisco-ios-cookbook/0596527225/ch01s07.html
read about Permission denied in this link.
""Aborting the upgrade early in the process like this ensures that you don’t erase the flash unless there is a suitable replacement image available for download.""
08-05-2022 05:12 AM
Usually the permission denied error indicates that the folder or file location requires authentication to access it. Are you 100% sure that the file location does not require authentication? and if this is a windows computer, have you made sure to turn off windows firewall or at least allow FTP connection in windows firewall?
08-05-2022 08:37 AM
The access list rules you configured on the firewall are only going to affect the transit traffic, not the traffic generated by the ASA itself. I agree with @Marius Gunnerud the issue seems to be related to the folder permissions on the FTP server. When you get the permissions error, it would mean the connection itself has been established, but there were no enough permissions to read from the remote folder.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide