04-19-2012 12:47 AM - edited 03-08-2019 06:45 PM
This document talks about how to download images on ASA using different transfer mechanisms. For example, TFTP, FTP, HTTP, HTTPS and SCP.
From a command line:
1. Enter the following command:
copy tftp://<SERVER>[/path]/filename {flash:/ | disk0:/ |disk1:/ } [path/] filename
Example:
Upgrading Cisco ASA Failover Pair - 3 - 5/7/2008
copy tftp://x.x.x.x/ asa803-19-k8.bin disk0:/ asa803-19-k8.bin
2. ASA will confirm the server and filename, review each and press enter:
Address or name of remote host [x.x.x.x]?
Source filename [asa803-19-k8.bin]?
Destination filename [asa803-19-k8.bin]?
3. If the ASA can communicate with TFTP server, you should see a bunch of !!!!!!! filling
your screen. Monitor this process, if you do not have enough space in the location you’re
moving the file to, you will receive an error during the write process.
From a command line:
1. Enter the following command:
copy ftp://[username[:password]@]<SERVER>[/path]/filename {flash:/ | disk0:/ | disk1:/ } [path/] filename
Example:
copy ftp://cisco:XXXXX@x.x.x.x/ asa803-19-k8.bin disk0:/ asa803-19-k8.bin
2. ASA will confirm the server and filename, review each and press enter:
Address or name of remote host [x.x.x.x]?
Source username [cisco]?
Source password [XXXXX]?
Source filename [asa803-19-k8.bin]?
Destination filename [asa803-19-k8.bin]?
3. If the ASA can communicate with FTP server, you should see a bunch of !!!!!!! filling
your screen. Monitor this process, if you do not have enough space in the location you’re
copying the file to, you will receive an error during the write process.
From a command line:
1. Enter the following command:
copy http[s]://[username[:password]@]<SERVER>[:port] [/path]/filename {flash:/ | disk0:/ | disk1:/ } [path/]filename
Example:
copy http://cisco:XXXXX@x.x.x.x:80/ asa803-19-k8.bin disk0:/ asa803-19-k8.bin
2. ASA will confirm the server and filename, review each and press enter:
Address or name of remote host [x.x.x.x]?
Source filename [asa803-19-k8.bin]?
Destination filename [asa803-19-k8.bin]?
3. If the ASA can communicate with HTTP server, you should see a bunch of !!!!!!! filling
your screen. Monitor this process, if you do not have enough space in the location you’re
copying the file to, you will receive an error during the write process.
The SCP method is the most secure. Before using the method, you need to make sure SCP is enabled on the firewall.
1. Enable SCP on the ASA
To use the SCP method, you must first enable it on the firewall:
hostname(config)# ssh scopy enable
2. Copying files to the ASA
From a Unix/Linux host with OpenSSH or Tectia SSH installed:
1. Enter the following command:
scp –v <filename> username@asa_address
Example: scp –v asa803-19-k8.bin cisco@x.x.x.x
To specify the source interface (if you are pulling the file from a remote site through a VPN tunnel and need the copy to source from the inside interface)
try this:
copy tftp://1.1.1.1/filename.bin;int=inside flash:
Here is where I got this:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa70/command/reference/cref_txt/c.html#wp1970383
Thank you Dan! The inside trick for over the VPN is what I've been looking for!
Question:
If i wanted to copy a file FROM disk0: on the ASA to a MacOS laptop, what would the syntax of the command be?
would it be different for Windows or Ubuntu?
and would I need to have the ssh scopy enable command on as well?
Can copy http://... be used as a part of Day 0 config file?
I actually want to download and configure anyconnect package as a part of Day 0 config file. Is this even possible?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: