Re: FTP to ASA not working

marc-berger · ‎09-22-2022

I am trying to re-mage an SFR module on an ASA but when I do a system install via ftp, I get a permission denied error. I have ruled out the FTP server as the issue as I am able to FTP to a totally different set of firewalls so that should rule out the server as the issue. I then connected locally to the inside interface of the asa (basically just putting my laptop in the same subnet/vlan) as the inside interface and get the same error. I also tried to source from different interfaces (inside, management) with no luck. I have never seen this before where you can't ftp. NOTE: TFTP does work to the asa but from all I have read when you do the system install on the SFR you cannot use TFTP.

marce1000 · ‎09-22-2022

- Could you post a screenshot of the error ?

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

marc-berger · ‎09-23-2022

This is the error i get back on the ASA.

Accessing ftp://marc:123987@10.31.2.39/asasfr-5500x-boot-6.4.0-1.img...
%Error opening ftp://marc:123987@10.31.2.39/asasfr-5500x-boot-6.4.0-1.img (Permission denied)

marce1000 · ‎09-23-2022

- Is this a push or get operation , meaning post full CLI command tried (tx).

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

marc-berger · ‎09-27-2022

Hi,

I am just trying to get a file from my ftp server back to the asa. This is the command I am running. it works fine to another set of firewalls fine. I just plugged my laptop/ftp server locally to the management interface and get permission denied.

copy ftp://marc:123987@10.31.2.39/asasfr-5500x-boot-6.4.0-1.img disk0:/asasfr-5500x-boot-6.4.0-1.img

marce1000 · ‎09-28-2022

- Check logs on the ftp server when this is tried.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Aref Alsouqi · ‎09-28-2022

Could it be related to any local firewall policy on your FTP "server" that is denying this traffic from this specific ASA? I would personally try to run Wireshark on the FTP server and check what traffic is being exchanged between the two ends.

Marvin Rhoads · ‎09-28-2022

Is there a reason why you are re-imaging using the very old 6.4.0?

Also, when I do a copy like this, I leave the destination file name blank (i.e., disk0:/).

Does your logged in user credential have local admin privilege and are you running the command from enable mode?

johnlloyd_13 · ‎09-27-2022

hi,

can you ping your laptop/FTP IP from the ASA?

a few things to check:

-make sure FTP password is correct

-make sure the image file is present, file name is correct and file location/directory is also correct

-try to use other spare ASA port, connect your laptop and configure L3 IP

-last resort is transfer the image via ASA USB slot

marc-berger · ‎10-07-2022

Thanks for all the suggestions. I ended up converting my laptop into a webserver and the file transfer worked to the asa fine but not to the SFR module. I was able to see I/O errors so it ended up being a bad SSD which cisco is replacing.