cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2736
Views
0
Helpful
1
Replies

unable to access tftp server from ASA

Aun Iqbal
Beginner
Beginner

Hi, I am new to ASA and I am trying to downloand a file from tftp server to ASA. I can ping my tftp server but I am unable to download it.

This is a lab/test environment. Please see the configs/logs attached. Any help will be appreciated.

Cheers, Aun

========Configs/Logs=========

ciscoasa# sh run

: Saved

:

ASA Version 8.4(2)

!

hostname ciscoasa

enable password 2KFQnbNIdI.2KYOU encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface GigabitEthernet0

nameif management

security-level 0

ip address 192.168.50.2 255.255.255.0

!

interface GigabitEthernet1

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet2

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet3

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet4

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet5

shutdown

no nameif

no security-level

no ip address

!

ftp mode passive

pager lines 24

logging enable

logging buffered debugging

mtu management 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

aaa authentication ssh console LOCAL

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

telnet timeout 5

ssh 192.168.50.0 255.255.255.0 management

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15

!

!

prompt hostname context

no call-home reporting anonymous

crashinfo save disable

Cryptochecksum:5d065a1797c80ef2a00214d4e450b86c

: end

ciscoasa#

ciscoasa#

ciscoasa# ping 192.168.50.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.50.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms

ciscoasa#

ciscoasa#

ciscoasa# copy tftp flash

Address or name of remote host []? 192.168.50.1

Source filename []? asdm-649-103.bin

Destination filename [asdm-649-103.bin]?

Accessing tftp://192.168.50.1/asdm-649-103.bin...

WARNING: TFTP download incomplete!

%Error reading tftp://192.168.50.1/asdm-649-103.bin (Unspecified Error)

ciscoasa#

ciscoasa# sh log

Syslog logging: enabled

    Facility: 20

    Timestamp logging: disabled

    Standby logging: disabled

    Debug-trace logging: disabled

    Console logging: disabled

    Monitor logging: disabled

    Buffer logging: level debugging, 62 messages logged

    Trap logging: disabled

    Permit-hostdown logging: disabled

    History logging: disabled

    Device ID: disabled

    Mail logging: disabled

    ASDM logging: disabled

User 'Config' executed the 'threat-detection statistics access-list' command.

%ASA-5-111010: User 'Config', running 'N/A' from IP 0.0.0.0, executed 'threat-detection statistics access-list'

%ASA-5-111008: User 'Config' executed the 'no threat-detection statistics tcp-intercept' command.

%ASA-5-111010: User 'Config', running 'N/A' from IP 0.0.0.0, executed 'no threat-detection statistics tcp-intercept'

%ASA-5-502101: New user added to local dbase: Uname: cisco Priv: 15 Encpass: 3USUcOPFUiMCO4Jk

%ASA-5-111008: User 'Config' executed the 'username cisco password * encrypted privilege 15' command.

%ASA-5-111010: User 'Config', running 'N/A' from IP 0.0.0.0, executed 'username cisco password * encrypted privilege 15'

%ASA-5-111008: User 'Config' executed the 'prompt hostname context' command.

%ASA-5-111010: User 'Config', running 'N/A' from IP 0.0.0.0, executed 'prompt hostname context'

%ASA-5-111008: User 'Config' executed the 'no call-home reporting anonymous' command.

%ASA-5-111010: User 'Config', running 'N/A' from IP 0.0.0.0, executed 'no call-home reporting anonymous'

%ASA-5-111008: User 'Config' executed the 'crashinfo save disable' command.

%ASA-5-111010: User 'Config', running 'N/A' from IP 0.0.0.0, executed 'crashinfo save disable'

%ASA-4-411001: Line protocol on Interface management, changed state to up

%ASA-4-713903: IKE reserved IPSec UDP port 10000 on interface management successfully

%ASA-6-720002: (VPN-Secondary) Starting VPN Stateful Failover Subsystem...

%ASA-6-720003: (VPN-Secondary) Initialization of VPN Stateful Failover Component completed successfully

%ASA-6-720004: (VPN-Secondary) VPN failover  main thread started.

%ASA-6-720005: (VPN-Secondary) VPN failover timer thread started.

%ASA-6-720006: (VPN-Secondary) VPN failover sync thread started.

%ASA-6-721001: (WebVPN-Secondary) WebVPN Failover SubSystem started successfully.

%ASA-4-411001: Line protocol on Interface GigabitEthernet0, changed state to up

%ASA-4-411001: Line protocol on Interface management, changed state to up

%ASA-6-713905: IKE port 10000 for IPSec UDP already reserved on interface management

%ASA-3-742001: failed to read master key for password encryption from persistent store

%ASA-6-199002: Startup completed.  Beginning operation.

%ASA-5-502103: User priv level changed: Uname: enable_15 From: 1 To: 15

%ASA-5-111008: User 'enable_1' executed the 'enable' command.

%ASA-7-111009: User 'enable_15' executed cmd: show interface ip brief

%ASA-7-111009: User 'enable_15' executed cmd: show running-config

%ASA-7-609001: Built local-host identity:192.168.50.2

%ASA-7-609001: Built local-host management:192.168.50.1

%ASA-6-302020: Built outbound ICMP connection for faddr 192.168.50.1/0 gaddr 192.168.50.2/30441 laddr 192.168.50.2/30441

%ASA-5-111008: User 'enable_15' executed the 'ping 192.168.50.1' command.

%ASA-5-111010: User 'enable_15', running 'CLI' from IP 0.0.0.0, executed 'ping 192.168.50.1'

%ASA-6-302021: Teardown ICMP connection for faddr 192.168.50.1/0 gaddr 192.168.50.2/30441 laddr 192.168.50.2/30441

%ASA-7-609002: Teardown local-host identity:192.168.50.2 duration 0:00:00

%ASA-7-609002: Teardown local-host management:192.168.50.1 duration 0:00:00

%ASA-7-710005: UDP request discarded from 192.168.50.1/55299 to management:239.255.255.250/1900

%ASA-7-710005: UDP request discarded from 192.168.50.1/55299 to management:239.255.255.250/1900

%ASA-7-710005: UDP request discarded from 192.168.50.1/55299 to management:239.255.255.250/1900

%ASA-7-710005: UDP request discarded from 192.168.50.1/55299 to management:239.255.255.250/1900

%ASA-7-710005: UDP request discarded from 192.168.50.1/55299 to management:239.255.255.250/1900

%ASA-7-710005: UDP request discarded from 192.168.50.1/55299 to management:239.255.255.250/1900

%ASA-7-609001: Built local-host identity:192.168.50.2

%ASA-7-609001: Built local-host management:192.168.50.1

%ASA-6-302015: Built outbound UDP connection 2 for management:192.168.50.1/69 (192.168.50.1/69) to identity:192.168.50.2/46959 (192.168.50.2/46959)

%ASA-5-111008: User 'enable_15' executed the 'copy tftp flash' command.

ciscoasa#

ciscoasa#

===========END=============

1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

Are you placing the file in the root directory of your TFTP server?

What are you seeing on your TFTP server log? does it even see the attempt to download the file?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers