Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
654
Views
6
Helpful
8
Replies

Setup / Enable TFTP ASA 5525x

Go to solution
Ced W
Level 1
Level 1

‎08-22-2024 10:03 AM

Hi,
I received help from @Rob Ingram  yday regarding ASDM upgrade. Which was a tremendous success, thank you ...!
However, today, after I did all that, I had to revert back to a previous ASDM version to work with certain computers on out network. Now I cannot TFTP at all to the ASA 5525x, I continue to get "timedout". I can successfully to/from ASA, I verified the directories are set and the tftp server is running. Internal management traffic is and has always been allowed to, no changes to access lists has been made. I have not had much luck googling how to setup/enable tftp on ASA. Could I be missing something ...? Thanks in advance ...!

BORDER-ASA# copy tftp disk0

Address or name of remote host [x.x.x.x]?

Source filename [asdm-7202.bin]?

Destination filename [disk0]? asdm-7202.bin

Accessing tftp://x.x.x.x/asdm-7202.bin...
WARNING: TFTP download incomplete!

%Error reading tftp://x.x.x.x/asdm-7202.bin (Timed out attempting to connect)
BORDER-ASA#

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ced W
Level 1
Level 1

‎08-23-2024 11:18 AM

@BoomShakaLak @MHM Cisco World @Rob Ingram 
Hi ...! 
Soooooo.... I figured it out but I didn't.

I had the cyber guy add my computer to break/fix within Trelix so that polices don't apply to my admin box. However I do not think that was it because I made a booboo. In trying to tshoot, I added a line within the ASA to allow a subnet on the management vlan through, however, I do not think you can name a subnet and the ASA just processed it as 1 IP address, so when I removed the line I was able to TFTP files from local PC to ASA. But even before then I do not know why I lost access to TFTP. I did uninstall SecureCRT, Restart PC, play with settings within SecureCRT, obviously messed with settings within the ASA as well, tried to connect via serial and TFTP without luck. Even going line-by-line with archived and current running config, tried other admin PC's and VM's to TFTP, NOPE ...! 
Maybe the ASA just had a brain fart before I added that line of code!??! And the rest was me chasing me tail.

this is what i messed up on trying to tshoot, maybe I can do it better in the future
access-list tftp extended permit udp sourcex.x.x.x x.x.x.x. destinationx.x.x.x x.x.x.x eq tftp


I can't say for sure what it was before but I am glad I got it situated, thank you all for you input ...! Moving on to the high side ASA, pray for me

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Rob Ingram
VIP
VIP

‎08-22-2024 10:09 AM

@Ced W can you ping the TFTP server? Does it have a local firewall turned on?

You can upload the ASDM software via ASDM, go to tools > Upgrade software from local computer

RobIngram_1-1724346516475.png

 

 

Go to solution
Ced W
Level 1
Level 1

‎08-22-2024 10:15 AM

@Rob Ingram @MHM Cisco World 

Well, I was trying to upgrade the ASDM again but to a later version. So I mistakenly, removed the older version via CLI, then tried to TFTP over the newer version but couldn't so trying to figure out how to do via CLI. And because the ASDM module is no longer on the appliance, I cannot download via web browser(https://x.x.x.x:xxxx).

Go to solution
Rob Ingram
VIP
VIP
In response to Ced W

‎08-22-2024 10:19 AM

@Ced W did you check communication with the TFTP server to make sure the ASA can communicate and another is block the connection, i.e., local firewall on the TFTP server?

Go to solution
MHM Cisco World
VIP
VIP

‎08-22-2024 10:35 AM

https://ccnaguru.com/asdm-upload-asa-tftp-server-hash-tag-list/

You missing some steps 

check link

Note:- path need to add correctly 

MHM

Go to solution
BoomShakaLak
Level 1
Level 1

‎08-22-2024 02:40 PM

It is either an issue with the path or permissions to the file location.  Verify path and permissions.

Go to solution
Ced W
Level 1
Level 1

‎08-23-2024 09:42 AM

I am working with the cyber guy to try and figure this out, once I get a solution I will be sure to post it here. Thank you all ...!

0 Helpful

Go to solution
Ced W
Level 1
Level 1

‎08-23-2024 11:18 AM

@BoomShakaLak @MHM Cisco World @Rob Ingram 
Hi ...! 
Soooooo.... I figured it out but I didn't.

I had the cyber guy add my computer to break/fix within Trelix so that polices don't apply to my admin box. However I do not think that was it because I made a booboo. In trying to tshoot, I added a line within the ASA to allow a subnet on the management vlan through, however, I do not think you can name a subnet and the ASA just processed it as 1 IP address, so when I removed the line I was able to TFTP files from local PC to ASA. But even before then I do not know why I lost access to TFTP. I did uninstall SecureCRT, Restart PC, play with settings within SecureCRT, obviously messed with settings within the ASA as well, tried to connect via serial and TFTP without luck. Even going line-by-line with archived and current running config, tried other admin PC's and VM's to TFTP, NOPE ...! 
Maybe the ASA just had a brain fart before I added that line of code!??! And the rest was me chasing me tail.

this is what i messed up on trying to tshoot, maybe I can do it better in the future
access-list tftp extended permit udp sourcex.x.x.x x.x.x.x. destinationx.x.x.x x.x.x.x eq tftp


I can't say for sure what it was before but I am glad I got it situated, thank you all for you input ...! Moving on to the high side ASA, pray for me

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card