Cisco Support Community
Добро пожаловать в Сообщество Технической поддержки Cisco. Мы рады получить обратную связь .
Community Member

Copy does not work through scp


Please help me!

I need to upload the configuration from the ASA to the  SCP server.
But, the comand "copy running-config scp:" does not work on Cisco ASA 5545-x and Cisco ASA 5515-X
System image file is asa924-smp-k8.bin

fw# copy running-config scp:

Source filename [running-config]?

Address or name of remote host []?

Destination username []? admin

Destination filename [running-config]?
Cryptochecksum: 3d0e3551 0b68954f 3cbe9215 18a6c805

%Error opening scp://admin@ (Permission denied)


Community Member

There is related problem here

There is a related problem here

"Is your scp server a Linux box?  If so, I've always had to create the empty file in the directory and give write permissions to it when writing to my Linux servers.  And those permissions would need to be applied up the directory, tftpboot, network. "
Community Member

 No, we are using SolarWinds

No, we are using SolarWinds-SFTP-SCP-Server. The problem is that the Cisco ASA  blocks the command. No traffic from ASA comes to the SCP server
Community Member

No traffic comes to… Are you

No traffic comes to… Are you sure there is no SSH restrictions on the way?

Community Member

I am sure. ASA and the server

I am sure. ASA and the server are on the same subnet. When the command copy running-config scp: you can specify any other host. The result will be the same (Permission denied). The problem of the Cisco ASA. Somehow, ASA does not allow the execution of command


Community Member

Is it possible that ASA need

Is it possible that ASA needs some license? I’m not sure if ASA must have the strong encryption (3DES/AES) license to support SSH Version 2 connections.

Community Member

 we got a free license 3DES


we got a free license 3DES/AES  from and activate it on the ASA.The result is the same - Permission deniedce

Community Member

Can you ensure that no

Can you ensure that no traffic is leaving the ASA?

capture capin interface inside match ip host host

You should then be able (or unable) to display the packets captured by issuing:

show capture capin

Community Member

at the moment i don't have

at the moment i don't have the access to asa.

However, we had  tried to capture traffic from asa  on the server by using WiresharkPortable. No traffic was visible from ASA.


Community Member

If the SSH traffic is not

If the SSH traffic is not leaving ASA, then you are dealing with ASA misconfig of bug. But if the traffic is leaving ASA, then the problem is outside ASA. I guess you should check it, just to be safe.

Community Member

ok. i will check  in two

ok. i will check  in two weeks.

For your information,this command does not work on four Cisco ASA 5545x and two Cisco ASA 5515x
Community Member

I assumed it should work

Community Member

the problem is solved!it was

the problem is solved!

it was necessary to set SSH version 2. Download additional license 3des from
Полезный материал
СоздатьДля создания публикации, пожалуйста в систему