Protocol error during upload from Cisco firewall to ftp server

Soren Sjostrom
Level 1

When I try to upload the configuration from my Cisco ASA 5520 firewall to an ftp server, I get a protocol error. The command I use is: "copy running-config ftp://anonymous@192.168.1.4". If I make an ftp connection from my local computer to the ftp server, everything goes fine. Why am I getting this error on my Cisco firewall?

Accepted Solutions

Now I finally managed to get things working on a CentOS 7 ftp server. I had to give up making it work on an Ubuntu box. There I continue to get a protocol error. Here's what I did to make it work (if others want to try the same thing):

1) Edit the configuration file /etc/vsftpd/vsftpd.conf and paste the following settings:

anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_root=/var/ftp
anon_world_readable_only=YES
ascii_upload_enable=YES
nopriv_user=ftp
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
connect_from_port_20=YES

2) Create directory writable by 'ftp' user:

sudo mkdir -p /var/ftp/pub/
sudo chown -R ftp:ftp /var/ftp/pub/

3) Configure SELinux permissions:

sudo chcon -R -t public_content_rw_t /var/ftp/pub/
sudo setsebool -P allow_ftpd_anon_write on

4) Edit the directory for user 'ftp' in /etc/passwd:

sudo vipw

Edit the entry for user ftp:

ftp:x:14:50:FTP User:/var/ftp/pub:/sbin/nologin

5) Open ftp service in firewall:

sudo firewall-cmd --zone=public --add-service=ftp --permanent
sudo firewall-cmd --reload

6) Start service:

sudo systemctl start vsftpd

7) Enable on boot:

sudo systemctl enable vsftpd

8) Copy the running-config file from the firewall:

copy running-config ftp://192.168.1.5/pub/running-config

Best regards


4 Replies

balaji.bandi
Hall of Fame

Do you have an access rule for the FTP? Where is the PC, in the same LAN?

Provide the configuration of the ASA, and also explain what the PC IP address is which was successful.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Bear in mind the command below allows anyone to access the file and is a security breach.

anonymous_enable=YES

BB


Thanks for your input. I am fully aware of it, but for the time being it is no problem since the ftp server is located in my LAN subnet which only I have access to (I have no employees yet). But later it is a problem that I should have taken care of.
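
The vsftpd settings listed in the accepted solution, and the warning about anonymous_enable, can be checked mechanically before a server leaves a single-user LAN. The shell function below is an added example, not part of any post in this thread; the names audit_vsftpd_conf and sample_conf and the sample file are constructed for illustration, and only options set explicitly in the file are evaluated.

```shell
#!/bin/sh
# Added example (not from the thread): audit a vsftpd.conf for whitespace
# around "=" and for the anonymous-write options discussed above.
# Assumption: only options set explicitly in the file are checked.

audit_vsftpd_conf() {   # usage: audit_vsftpd_conf FILE   (or read stdin)
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        if ($0 ~ /[ \t]=|=[ \t]/) {         # vsftpd rejects "opt = value"
            printf "SYNTAX line %d: whitespace around \"=\"\n", NR
            bad++
        }
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
        opt[key] = toupper(val)             # normalise so checks still run
    }
    END {
        if (opt["anonymous_enable"] == "YES") {
            print "RISK anonymous_enable=YES: login without credentials"
            bad++
            # Write-type options take effect only when write_enable=YES.
            n = split("anon_upload_enable anon_mkdir_write_enable anon_other_write_enable", w, " ")
            for (i = 1; i <= n; i++)
                if (opt["write_enable"] == "YES" && opt[w[i]] == "YES") {
                    printf "RISK %s=YES: anonymous clients can write\n", w[i]
                    bad++
                }
        }
        exit (bad > 0)                      # status 1 when anything was found
    }' "$@"
}

sample_conf() {         # constructed sample, modelled on the posted settings
    cat <<'EOF'
# constructed sample
anonymous_enable = YES
write_enable=YES
anon_upload_enable=YES
anon_root = / var / ftp
anon_other_write_enable=YES
anon_mkdir_write_enable=NO
EOF
}

sample_conf | audit_vsftpd_conf || echo "findings reported above"
```

Run it as audit_vsftpd_conf /etc/vsftpd/vsftpd.conf; a non-zero exit status means at least one finding was printed.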