Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2087
Views
0
Helpful
6
Replies

ASA Firewall backup

mze
Level 1
Level 1

‎03-28-2022 08:05 AM - edited ‎05-02-2022 03:37 AM

We use Solarwinds as our monitoring system and am trying to setup SolarWinds SCP server to backup configs for several ASA firewalls. However, backup is unsuccessful, and I get “permission denied” error on the ASA.

 

Labels:
0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎03-28-2022 08:11 AM

post the error and syntax used - while you transferring the File from ASA to SCP server

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

mze
Level 1
Level 1
In response to balaji.bandi

‎03-28-2022 08:52 AM

hello, 

below is the output for refrence  . 

 

Copy running-config scp://administrator@10.10.10.1

 

I am prompted for a password and I can see on wireshark the ssh negotiation taking place. But I get the following error message on the Firewall.

 

%Error opening scp://administrator@10.50.13.12/running-config (Permission denied)

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to mze

‎03-28-2022 01:30 PM 

%Error opening scp://administrator@10.50.13.12/running-config (Permission denied)

This is most cases you do not enough rights create that file.

on the folder create a dummy running-config file  (give permission to read write and test it)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Octavian Szolga
Level 4
Level 4

‎03-29-2022 11:06 PM

Hi,

 

There may be two issues:

1. key exchange not matching client<-> server

 

Example (on linux server):

 

- Aug 31 16:22:11 shell systemd-logind[602]: New session 397 of user user.
Aug 31 16:22:39 shell sshd[10871]: Unable to negotiate with xxx port 53365: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
Aug 31 16:22:51 shell sshd[10873]: Unable to negotiate with xxx port 59340: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]

 

 

2. you don't have the user's password in your ASA copy command:

 

copy running-config scp://user:password@10.10.10.10

 

 

BR,

Octavian

0 Helpful

mze
Level 1
Level 1

‎04-05-2022 09:34 AM - edited ‎05-02-2022 03:38 AM

ssh error

0 Helpful

Octavian Szolga
Level 4
Level 4
In response to mze

‎04-05-2022 10:39 PM

Hi,

 

Have you taken into consideration the possible issues that I wrote about?

SCP from ASA works just fine. I wrote that post after I tested SCP from ASA to Linux OpenSSH.

 

BR,

Octavian

0 Helpful
Customers Also Viewed These Support Documents