ā03-29-2011 01:23 PM - edited ā03-11-2019 01:14 PM
The FTP server log shows no hits, from 192.168.1.4 I can telnet to 5505 no problem.
Doing everything on inside interface eth0/1, ftp server shows up and arp table of 5505 has correct mac for 192.168.1.4
ciscoasa# copy ftp://bob@192.168.1.4/asa841-k8.bin disk0:
Address or name of remote host [192.168.1.4]?
Source username [bob]?
Source password []? download
Source filename [asa841-k8.bin]?
Destination filename [asa841-k8.bin]?
Accessing ftp://bob:downloady@192.168.1.4/asa841-k8.bin...
%Error opening ftp://bob:downloady@192.168.1.4/asa841-k8.bin (Permission denied
)
ciscoasa#
Full running-config attached
ā03-29-2011 02:01 PM
Jason,
It's possible that some device between the ASA and the server that is not routing/switching traffic correctly. You should do captures on the ASA to ensure that traffic is leaving the ASA. You've already done captures on the server side, and are not seeing any packets; I'd double check any firewall on the server just to be safe.
Based on your configuration, the following command should create a capture called "capin" that will display traffic from the firewall to the server:
capture capin interface inside match ip host 192.168.1.222 host 192.168.1.4
You should then be able to display the packets captured by issuing:
show capture capin
Hope this works for you!
Alex
ā03-29-2011 02:01 PM
Hi Jason,
Could you please check the following:
1. Is windows firewall disabled on 192.168.1.4
2. What does the following packet capture show?
access-list capacl permit ip any host 192.168.1.4
access-list capacl permit ip host 192.168.1.4 any
capture capinside access-list capacl interface inside
show cap capinside
[attach a .pcap version if possible]
3. Does Wireshark capture on 192.168.1.4 show incoming packets? Reply packets?
Alternately, you could also install a TFTP server like TFTPD32 on the system and just do a tftp transfer.
Or, access the ASA via ASDM, and using the File transfer tool, transfer 8.4 image to the flash. (Easiest Option).
-Shrikant
ā07-03-2013 05:41 PM
Looks like doing the access-list capacl permit ip any host 192.168.1.4 and access-list capacl permit ip host 192.168.1.4 any. Allowed the FTP to do the file transfer.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide