02-05-2013 12:35 AM - edited 03-11-2019 05:56 PM
Hi, I am new to ASA and I am trying to downloand a file from tftp server to ASA. I can ping my tftp server but I am unable to download it.
This is a lab/test environment. Please see the configs/logs attached. Any help will be appreciated.
Cheers, Aun
========Configs/Logs=========
ciscoasa# sh run
: Saved
:
ASA Version 8.4(2)
!
hostname ciscoasa
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0
nameif management
security-level 0
ip address 192.168.50.2 255.255.255.0
!
interface GigabitEthernet1
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet5
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
pager lines 24
logging enable
logging buffered debugging
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh 192.168.50.0 255.255.255.0 management
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
!
!
prompt hostname context
no call-home reporting anonymous
crashinfo save disable
Cryptochecksum:5d065a1797c80ef2a00214d4e450b86c
: end
ciscoasa#
ciscoasa#
ciscoasa# ping 192.168.50.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.50.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms
ciscoasa#
ciscoasa#
ciscoasa# copy tftp flash
Address or name of remote host []? 192.168.50.1
Source filename []? asdm-649-103.bin
Destination filename [asdm-649-103.bin]?
Accessing tftp://192.168.50.1/asdm-649-103.bin...
WARNING: TFTP download incomplete!
%Error reading tftp://192.168.50.1/asdm-649-103.bin (Unspecified Error)
ciscoasa#
ciscoasa# sh log
Syslog logging: enabled
Facility: 20
Timestamp logging: disabled
Standby logging: disabled
Debug-trace logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: level debugging, 62 messages logged
Trap logging: disabled
Permit-hostdown logging: disabled
History logging: disabled
Device ID: disabled
Mail logging: disabled
ASDM logging: disabled
User 'Config' executed the 'threat-detection statistics access-list' command.
%ASA-5-111010: User 'Config', running 'N/A' from IP 0.0.0.0, executed 'threat-detection statistics access-list'
%ASA-5-111008: User 'Config' executed the 'no threat-detection statistics tcp-intercept' command.
%ASA-5-111010: User 'Config', running 'N/A' from IP 0.0.0.0, executed 'no threat-detection statistics tcp-intercept'
%ASA-5-502101: New user added to local dbase: Uname: cisco Priv: 15 Encpass: 3USUcOPFUiMCO4Jk
%ASA-5-111008: User 'Config' executed the 'username cisco password * encrypted privilege 15' command.
%ASA-5-111010: User 'Config', running 'N/A' from IP 0.0.0.0, executed 'username cisco password * encrypted privilege 15'
%ASA-5-111008: User 'Config' executed the 'prompt hostname context' command.
%ASA-5-111010: User 'Config', running 'N/A' from IP 0.0.0.0, executed 'prompt hostname context'
%ASA-5-111008: User 'Config' executed the 'no call-home reporting anonymous' command.
%ASA-5-111010: User 'Config', running 'N/A' from IP 0.0.0.0, executed 'no call-home reporting anonymous'
%ASA-5-111008: User 'Config' executed the 'crashinfo save disable' command.
%ASA-5-111010: User 'Config', running 'N/A' from IP 0.0.0.0, executed 'crashinfo save disable'
%ASA-4-411001: Line protocol on Interface management, changed state to up
%ASA-4-713903: IKE reserved IPSec UDP port 10000 on interface management successfully
%ASA-6-720002: (VPN-Secondary) Starting VPN Stateful Failover Subsystem...
%ASA-6-720003: (VPN-Secondary) Initialization of VPN Stateful Failover Component completed successfully
%ASA-6-720004: (VPN-Secondary) VPN failover main thread started.
%ASA-6-720005: (VPN-Secondary) VPN failover timer thread started.
%ASA-6-720006: (VPN-Secondary) VPN failover sync thread started.
%ASA-6-721001: (WebVPN-Secondary) WebVPN Failover SubSystem started successfully.
%ASA-4-411001: Line protocol on Interface GigabitEthernet0, changed state to up
%ASA-4-411001: Line protocol on Interface management, changed state to up
%ASA-6-713905: IKE port 10000 for IPSec UDP already reserved on interface management
%ASA-3-742001: failed to read master key for password encryption from persistent store
%ASA-6-199002: Startup completed. Beginning operation.
%ASA-5-502103: User priv level changed: Uname: enable_15 From: 1 To: 15
%ASA-5-111008: User 'enable_1' executed the 'enable' command.
%ASA-7-111009: User 'enable_15' executed cmd: show interface ip brief
%ASA-7-111009: User 'enable_15' executed cmd: show running-config
%ASA-7-609001: Built local-host identity:192.168.50.2
%ASA-7-609001: Built local-host management:192.168.50.1
%ASA-6-302020: Built outbound ICMP connection for faddr 192.168.50.1/0 gaddr 192.168.50.2/30441 laddr 192.168.50.2/30441
%ASA-5-111008: User 'enable_15' executed the 'ping 192.168.50.1' command.
%ASA-5-111010: User 'enable_15', running 'CLI' from IP 0.0.0.0, executed 'ping 192.168.50.1'
%ASA-6-302021: Teardown ICMP connection for faddr 192.168.50.1/0 gaddr 192.168.50.2/30441 laddr 192.168.50.2/30441
%ASA-7-609002: Teardown local-host identity:192.168.50.2 duration 0:00:00
%ASA-7-609002: Teardown local-host management:192.168.50.1 duration 0:00:00
%ASA-7-710005: UDP request discarded from 192.168.50.1/55299 to management:239.255.255.250/1900
%ASA-7-710005: UDP request discarded from 192.168.50.1/55299 to management:239.255.255.250/1900
%ASA-7-710005: UDP request discarded from 192.168.50.1/55299 to management:239.255.255.250/1900
%ASA-7-710005: UDP request discarded from 192.168.50.1/55299 to management:239.255.255.250/1900
%ASA-7-710005: UDP request discarded from 192.168.50.1/55299 to management:239.255.255.250/1900
%ASA-7-710005: UDP request discarded from 192.168.50.1/55299 to management:239.255.255.250/1900
%ASA-7-609001: Built local-host identity:192.168.50.2
%ASA-7-609001: Built local-host management:192.168.50.1
%ASA-6-302015: Built outbound UDP connection 2 for management:192.168.50.1/69 (192.168.50.1/69) to identity:192.168.50.2/46959 (192.168.50.2/46959)
%ASA-5-111008: User 'enable_15' executed the 'copy tftp flash' command.
ciscoasa#
ciscoasa#
===========END=============
02-05-2013 05:11 AM
Are you placing the file in the root directory of your TFTP server?
What are you seeing on your TFTP server log? does it even see the attempt to download the file?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide