Re: FTF 2100 image download issue via cli

abideen.shaikh1 · ‎01-18-2024

Hi All,

From cisco FTD 2100 i am trying to download the image but every time i try SCP or tftp it is failing.

When I am trying from SCP server to FTD. SCP server ask for FTD password then fails and vice verse is failing too. I think to push image from SCP server to Firewall we need to enable SSH on FTD via CLI because i am not able to add it in FMC due to the older version of FTD. Need to upgrade first before i can call it in FMC.

Any help would be appreciated.

wnlb-vpnfw-1a# scope firmware
wnlb-vpnfw-1a /firmware # download image tftp:10.176.57.157/export/netadmin/FTD-IMAGE/cisco-ftd-fp2k.6.7.0-65.SPA
Please use the command 'show download-task' or 'show download-task detail' to check download progress.
wnlb-vpnfw-1a /firmware # show download-task

Download task:
File Name Protocol Server Port Userid State
--------- -------- --------------- ---------- --------------- -----
10.176.57.164
Ftp 0 anonymous Failed
cisco-asa-fp2k.9.18.4.SPA
Tftp 10.176.57.157 0 Failed
cisco-ftd-fp2k.6.7.0-65.SPA
Tftp 0 Failed
scr Scp 0 Failed
scratch Scp 0 Failed

Aref Alsouqi · ‎01-18-2024

Shouldn't be two slashes after the tftp: like this "download image tftp://..."?, would be the same with SCP.

abideen.shaikh1 · ‎01-18-2024

Even "//" didnt help

wnlb-vpnfw-1a /firmware # download image tftp://10.176.57.157/export/netadmin/FTD-IMAGE/cisco-ftd-fp2k.6.7.0-65.SPA
Please use the command 'show download-task' or 'show download-task detail' to check download progress.
wnlb-vpnfw-1a /firmware # show download-task

Download task:
File Name Protocol Server Port Userid State
--------- -------- --------------- ---------- --------------- -----
10.176.57.164
Ftp 0 anonymous Failed
cisco-asa-fp2k.9.18.4.SPA
Tftp 10.176.57.157 0 Failed
cisco-ftd-fp2k.6.7.0-65.SPA
Tftp 10.176.57.157 0 Failed
scr Scp 0 Failed
scratch Scp 0 Failed

balaji.bandi · ‎01-18-2024

FTD has reachability to - 10.176.57.157

For testing copy configuration to TFTP - to confirm TFTP working as expected

Check on the TFTP any request initiated from FTD ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

abideen.shaikh1 · ‎01-18-2024

ping from tftp server

$ ping 10.178.223.118
10.178.223.118 is alive
$

on ftd cli not letting me type file name i want to send to tftp

> copy disk0:
cluster: Copy to cluster: file system
disk0: Copy to disk0: file system
flash: Copy to flash: file system
ftp: Copy to ftp: file system
scp: Copy to scp: file system
smb: Copy to smb: file system
system: Copy to system: file system
tftp: Copy to tftp: file system

Aref Alsouqi · ‎01-18-2024

The TFTP server IP address in the copy command seems to be different than the one you used in the ping command.

abideen.shaikh1 · ‎01-18-2024

TFTP IP = 10.176.57.157

FIREWALL IP = 10.178.223.118

Ping from tftp to firewall works fine

balaji.bandi · ‎01-18-2024

on ftd cli not letting me type file name i want to send to tftp

i mean to copy running config to tftp

#copy running-config ?

  cluster:  Copy to cluster: file system
  disk0:    Copy to disk0: file system
  flash:    Copy to flash: file system
  ftp:      Copy to ftp: file system
  scp:      Copy to scp: file system
  smb:      Copy to smb: file system
  system:   Copy to system: file system
  tftp:     Copy to tftp: file system

this proves you have access to TFTP

if that success - copy the File into root Folder of TFTP and test it (you should see some Logs that FTD try to connect)

if you dont see any logs, then as i mentioned there is restriction something stopping on the host or in the path Firewalls.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Aref Alsouqi · ‎01-18-2024

I see. Is there any local firewall enabled on the TFTP server host?