Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
194735
Views
26
Helpful
4
Comments

ASA: How to download images using TFTP, FTP, HTTP, HTTPS and SCP

Dev Vishwakarma
Cisco Employee
Cisco Employee

‎04-19-2012 12:47 AM - edited ‎03-08-2019 06:45 PM

 

Introduction

This document talks about how to download images on ASA using different transfer mechanisms. For example, TFTP, FTP, HTTP, HTTPS and SCP.

 

Using TFTP

From a command line:

1. Enter the following command:

copy tftp://<SERVER>[/path]/filename {flash:/ | disk0:/ |disk1:/ } [path/] filename

 

Example:

Upgrading Cisco ASA Failover Pair - 3 - 5/7/2008

copy tftp://x.x.x.x/ asa803-19-k8.bin disk0:/ asa803-19-k8.bin

 

2. ASA will confirm the server and filename, review each and press enter:

Address or name of remote host [x.x.x.x]?

Source filename [asa803-19-k8.bin]?

Destination filename [asa803-19-k8.bin]?

 

3. If the ASA can communicate with TFTP server, you should see a bunch of !!!!!!! filling

your screen. Monitor this process, if you do not have enough space in the location you’re

moving the file to, you will receive an error during the write process.

 

Using FTP

From a command line:

1. Enter the following command:

copy ftp://[username[:password]@]<SERVER>[/path]/filename {flash:/ | disk0:/ | disk1:/ } [path/] filename

Example:

copy ftp://cisco:XXXXX@x.x.x.x/ asa803-19-k8.bin disk0:/ asa803-19-k8.bin

 

2. ASA will confirm the server and filename, review each and press enter:

Address or name of remote host [x.x.x.x]?

Source username [cisco]?

Source password [XXXXX]?

Source filename [asa803-19-k8.bin]?

Destination filename [asa803-19-k8.bin]?

 

3. If the ASA can communicate with FTP server, you should see a bunch of !!!!!!! filling

your screen. Monitor this process, if you do not have enough space in the location you’re

copying the file to, you will receive an error during the write process.

 

Using HTTP(S)

From a command line:

1. Enter the following command:

copy http[s]://[username[:password]@]<SERVER>[:port] [/path]/filename {flash:/ | disk0:/ | disk1:/ } [path/]filename

Example:

copy http://cisco:XXXXX@x.x.x.x:80/ asa803-19-k8.bin disk0:/ asa803-19-k8.bin

 

2. ASA will confirm the server and filename, review each and press enter:

Address or name of remote host [x.x.x.x]?

Source filename [asa803-19-k8.bin]?

Destination filename [asa803-19-k8.bin]?

 

3. If the ASA can communicate with HTTP server, you should see a bunch of !!!!!!! filling

your screen. Monitor this process, if you do not have enough space in the location you’re

copying the file to, you will receive an error during the write process.

 

Using SSH/SCP

The SCP method is the most secure. Before using the method, you need to make sure SCP is enabled on the firewall.

 

1. Enable SCP on the ASA

To use the SCP method, you must first enable it on the firewall:

hostname(config)# ssh scopy enable

 

2. Copying files to the ASA

From a Unix/Linux host with OpenSSH or Tectia SSH installed:

1. Enter the following command:

scp –v <filename> username@asa_address

Example: scp –v asa803-19-k8.bin cisco@x.x.x.x

Labels:
Comments
Dan Mullendore
Beginner
Beginner
‎03-24-2016 12:37 PM

To specify the source interface (if you are pulling the file from a remote site through a VPN tunnel and need the copy to source from the inside interface)

try this: 

 copy tftp://1.1.1.1/filename.bin;int=inside flash:

Here is where I got this:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa70/command/reference/cref_txt/c.html#wp1970383

smarteam
Beginner
Beginner
‎08-23-2018 10:07 AM

Thank you Dan! The inside trick for over the VPN is what I've been looking for!

jmaldonado@nygenome.org
Beginner
Beginner
‎01-08-2019 09:20 AM

Question:

 

If i wanted to copy a file FROM disk0: on the ASA to a MacOS laptop, what would the syntax of the command be?

 

would it be different for Windows or Ubuntu?

 

and would I need to have the ssh scopy enable command on as well?

 

rjethani
Cisco Employee
Cisco Employee
‎03-05-2019 02:04 AM

Can copy http://...  be used as a part of Day 0 config file?

 

I actually want to download and configure anyconnect package as a part of Day 0 config file. Is this even possible?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents