09-22-2022 11:18 AM
I am trying to re-mage an SFR module on an ASA but when I do a system install via ftp, I get a permission denied error. I have ruled out the FTP server as the issue as I am able to FTP to a totally different set of firewalls so that should rule out the server as the issue. I then connected locally to the inside interface of the asa (basically just putting my laptop in the same subnet/vlan) as the inside interface and get the same error. I also tried to source from different interfaces (inside, management) with no luck. I have never seen this before where you can't ftp. NOTE: TFTP does work to the asa but from all I have read when you do the system install on the SFR you cannot use TFTP.
09-22-2022 11:16 PM
- Could you post a screenshot of the error ?
M.
09-23-2022 08:34 AM
This is the error i get back on the ASA.
Accessing ftp://marc:123987@10.31.2.39/asasfr-5500x-boot-6.4.0-1.img...
%Error opening ftp://marc:123987@10.31.2.39/asasfr-5500x-boot-6.4.0-1.img (Permission denied)
09-23-2022 09:10 AM
- Is this a push or get operation , meaning post full CLI command tried (tx).
M.
09-27-2022 08:28 AM
Hi,
I am just trying to get a file from my ftp server back to the asa. This is the command I am running. it works fine to another set of firewalls fine. I just plugged my laptop/ftp server locally to the management interface and get permission denied.
copy ftp://marc:123987@10.31.2.39/asasfr-5500x-boot-6.4.0-1.img disk0:/asasfr-5500x-boot-6.4.0-1.img
09-28-2022 01:52 AM
- Check logs on the ftp server when this is tried.
M.
09-28-2022 02:05 AM
Could it be related to any local firewall policy on your FTP "server" that is denying this traffic from this specific ASA? I would personally try to run Wireshark on the FTP server and check what traffic is being exchanged between the two ends.
09-28-2022 02:08 AM
Is there a reason why you are re-imaging using the very old 6.4.0?
Also, when I do a copy like this, I leave the destination file name blank (i.e., disk0:/).
Does your logged in user credential have local admin privilege and are you running the command from enable mode?
09-27-2022 10:37 PM
hi,
can you ping your laptop/FTP IP from the ASA?
a few things to check:
-make sure FTP password is correct
-make sure the image file is present, file name is correct and file location/directory is also correct
-try to use other spare ASA port, connect your laptop and configure L3 IP
-last resort is transfer the image via ASA USB slot
10-07-2022 04:34 AM
Thanks for all the suggestions. I ended up converting my laptop into a webserver and the file transfer worked to the asa fine but not to the SFR module. I was able to see I/O errors so it ended up being a bad SSD which cisco is replacing.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide