cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Community

ASA: How to download images using TFTP, FTP, HTTP, HTTPS and SCP

117092
Views
20
Helpful
4
Comments

 

Introduction

This document talks about how to download images on ASA using different transfer mechanisms. For example, TFTP, FTP, HTTP, HTTPS and SCP.

 

Using TFTP

From a command line:

1. Enter the following command:

copy tftp://<SERVER>[/path]/filename {flash:/ | disk0:/ |disk1:/ } [path/] filename

 

Example:

Upgrading Cisco ASA Failover Pair - 3 - 5/7/2008

copy tftp://x.x.x.x/ asa803-19-k8.bin disk0:/ asa803-19-k8.bin

 

2. ASA will confirm the server and filename, review each and press enter:

Address or name of remote host [x.x.x.x]?

Source filename [asa803-19-k8.bin]?

Destination filename [asa803-19-k8.bin]?

 

3. If the ASA can communicate with TFTP server, you should see a bunch of !!!!!!! filling

your screen. Monitor this process, if you do not have enough space in the location you’re

moving the file to, you will receive an error during the write process.

 

Using FTP

From a command line:

1. Enter the following command:

copy ftp://[username[:password]@]<SERVER>[/path]/filename {flash:/ | disk0:/ | disk1:/ } [path/] filename

Example:

copy ftp://cisco:XXXXX@x.x.x.x/ asa803-19-k8.bin disk0:/ asa803-19-k8.bin

 

2. ASA will confirm the server and filename, review each and press enter:

Address or name of remote host [x.x.x.x]?

Source username [cisco]?

Source password [XXXXX]?

Source filename [asa803-19-k8.bin]?

Destination filename [asa803-19-k8.bin]?

 

3. If the ASA can communicate with FTP server, you should see a bunch of !!!!!!! filling

your screen. Monitor this process, if you do not have enough space in the location you’re

copying the file to, you will receive an error during the write process.

 

Using HTTP(S)

From a command line:

1. Enter the following command:

copy http[s]://[username[:password]@]<SERVER>[:port] [/path]/filename {flash:/ | disk0:/ | disk1:/ } [path/]filename

Example:

copy http://cisco:XXXXX@x.x.x.x:80/ asa803-19-k8.bin disk0:/ asa803-19-k8.bin

 

2. ASA will confirm the server and filename, review each and press enter:

Address or name of remote host [x.x.x.x]?

Source filename [asa803-19-k8.bin]?

Destination filename [asa803-19-k8.bin]?

 

3. If the ASA can communicate with HTTP server, you should see a bunch of !!!!!!! filling

your screen. Monitor this process, if you do not have enough space in the location you’re

copying the file to, you will receive an error during the write process.

 

Using SSH/SCP

The SCP method is the most secure. Before using the method, you need to make sure SCP is enabled on the firewall.

 

1. Enable SCP on the ASA

To use the SCP method, you must first enable it on the firewall:

hostname(config)# ssh scopy enable

 

2. Copying files to the ASA

From a Unix/Linux host with OpenSSH or Tectia SSH installed:

1. Enter the following command:

scp –v <filename> username@asa_address

Example: scp –v asa803-19-k8.bin cisco@x.x.x.x

Comments
Beginner

To specify the source interface (if you are pulling the file from a remote site through a VPN tunnel and need the copy to source from the inside interface)

try this: 

 copy tftp://1.1.1.1/filename.bin;int=inside flash:

Here is where I got this:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa70/command/reference/cref_txt/c.html#wp1970383

Beginner

Thank you Dan! The inside trick for over the VPN is what I've been looking for!

Question:

 

If i wanted to copy a file FROM disk0: on the ASA to a MacOS laptop, what would the syntax of the command be?

 

would it be different for Windows or Ubuntu?

 

and would I need to have the ssh scopy enable command on as well?

 

Cisco Employee

Can copy http://...  be used as a part of Day 0 config file?

 

I actually want to download and configure anyconnect package as a part of Day 0 config file. Is this even possible?

CreatePlease to create content
Content for Community-Ad