Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
11694
Views
0
Helpful
3
Replies

5505 copy ftp fails

Jason Aarons
Level 6
Level 6

ā€Ž03-29-2011 01:23 PM - edited ā€Ž03-11-2019 01:14 PM

The FTP server log shows no hits, from 192.168.1.4 I can telnet to 5505 no problem.

Doing everything on inside interface eth0/1, ftp server  shows up and arp table of 5505 has correct mac for 192.168.1.4

ciscoasa# copy ftp://bob@192.168.1.4/asa841-k8.bin disk0:

Address or name of remote host [192.168.1.4]?

Source username [bob]?

Source password []? download

Source filename [asa841-k8.bin]?

Destination filename [asa841-k8.bin]?

Accessing ftp://bob:downloady@192.168.1.4/asa841-k8.bin...
%Error opening ftp://bob:downloady@192.168.1.4/asa841-k8.bin (Permission denied
)
ciscoasa#

Full running-config attached

3 people had this problem
Labels:
84101-5505 upgrade to 8-4.txt.zip
0 Helpful
3 Replies 3

atrofimu
Level 1
Level 1

ā€Ž03-29-2011 02:01 PM

Jason,

It's possible that some device between the ASA and the server that is not routing/switching traffic correctly. You should do captures on the ASA to ensure that traffic is leaving the ASA. You've already done captures on the server side, and are not seeing any packets; I'd double check any firewall on the server just to be safe.

Based on your configuration, the following command should create a capture called "capin" that will display traffic from the firewall to the server:

capture capin interface inside match ip host 192.168.1.222 host 192.168.1.4

You should then be able to display the packets captured by issuing:

show capture capin

Hope this works for you!

Alex

0 Helpful

Shrikant Sundaresh
Cisco Employee
Cisco Employee

ā€Ž03-29-2011 02:01 PM

Hi Jason,

Could you please check the following:

1. Is windows firewall disabled on 192.168.1.4

2. What does the following packet capture show?

access-list capacl permit ip any host 192.168.1.4

access-list capacl permit ip host 192.168.1.4 any

capture capinside access-list capacl interface inside

show cap capinside

[attach a .pcap version if possible]

3. Does Wireshark capture on  192.168.1.4 show incoming packets? Reply packets?

Alternately, you could also install a TFTP server like TFTPD32 on the system and just do a tftp transfer.

Or, access the ASA via ASDM, and using the File transfer tool, transfer 8.4 image to the flash. (Easiest Option).

-Shrikant

0 Helpful

matthew.robinson02
Level 1
Level 1
In response to Shrikant Sundaresh

ā€Ž07-03-2013 05:41 PM

Looks like doing the access-list capacl permit ip any host 192.168.1.4 and access-list capacl permit ip host 192.168.1.4 any. Allowed the FTP to do the file transfer.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card