New Member

Problem transfer TFTP through ASA 5505

Hello,

I have a problem with my ASA 5505: I am not able to transfer files bigger than 100ko using TFTP. Below is my architecture:

CME<->ASA5505<->SW3650

Here is what I get when I try to download a file located on the 3650 on my CME:

CME#copy tftp flash

Address or name of remote host [X.X.X.X]?

Source filename [cmterm-7942_7962-sccp.9-3-1SR4-1[1].tar]?

Destination filename [cmterm-7942_7962-sccp.9-3-1SR4-1[1].tar]?

Accessing tftp://X.X.X.X/cmterm-7942_7962-sccp.9-3-1SR4-1[1].tar...

Loading cmterm-7942_7962-sccp.9-3-1SR4-1[1].tar from 10.52.199.126 (via GigabitEthernet0/0): !... [timed out]

Error reading tftp://10.52.199.126/cmterm-7942_7962-sccp.9-3-1SR4-1[1].tar (Connection timed out)

When I look on the ASA monitoring page, I see that a UDP connection is built between the ASA and the SW3650 but 2 minutes later there are "Teardown UDP connection" messages.

Can you please help me? Due to this transfer issue, I am not able to upgrade my IP Phones (the phones only download the first 2 files because they are smaller than 100ko).

Thank you in advance for your help.

Regards.

Thomas.

9 REPLIES
Silver

Thomas,

Check whether your CME router flash memory has enough space for this file to be copied, or you can try to do an FTP transfer if your company policy allows that.
 

New Member

Hello, thank you for your answer.

I have enough space on my CME to download this file.

FTP transfers don't work. On the ASA monitoring, I see Deny TCP (no connection) when I do FTP transfer.

 

Silver

Default UDP connection time out is 2 minutes through the ASA.

You can modify the timeout values for the specific flow from a particular source to destination. Try changing the default connection timeout of UDP:

ASA(config)# access-list CONNS permit udp host <CME ip> host <tftp server ip> eq <port>
ASA(config)# class-map CONNS
ASA(config-cmap)# match access-list CONNS
ASA(config)# policy-map CONNS
ASA(config-pmap)# class CONNS
ASA(config-pmap-c)# set connection timeout idle 00:30:00
ASA(config)# service-policy CONNS {global | interface interface_name}

You can also globally change the timeout value of UDP using:

ASA(config)# timeout udp 00:30:00

 

Reference: http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/conns_connlimits.html#wp1080774

HTH

 

"Please rate helpful posts"
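To check the pattern discussed in this thread (a UDP connection is built, then torn down about two minutes later at the default idle timeout), the following added example, which is not from any poster here, pairs ASA Built/Teardown UDP syslog messages and lists the flows that aged out at the idle timeout. The log lines, addresses, connection IDs and the 10-second slack are constructed assumptions.

```python
import re
from datetime import timedelta

# Constructed sample syslog lines: connection IDs, addresses and ports are made up.
SAMPLE_LOG = """\
%ASA-6-302015: Built outbound UDP connection 4101 for outside:192.0.2.10/69 (192.0.2.10/69) to inside:198.51.100.5/51515 (198.51.100.5/51515)
%ASA-6-302015: Built outbound UDP connection 4102 for outside:192.0.2.10/53 (192.0.2.10/53) to inside:198.51.100.5/40000 (198.51.100.5/40000)
%ASA-6-302016: Teardown UDP connection 4102 for outside:192.0.2.10/53 to inside:198.51.100.5/40000 duration 0:00:01 bytes 120
%ASA-6-302016: Teardown UDP connection 4101 for outside:192.0.2.10/69 to inside:198.51.100.5/51515 duration 0:02:01 bytes 58
"""

BUILT = re.compile(r"%ASA-6-302015: Built (?:inbound|outbound) UDP connection (\d+) "
                   r"for \S+?:(\S+?)/(\d+) ")
TEARDOWN = re.compile(r"%ASA-6-302016: Teardown UDP connection (\d+) for \S+ to \S+ "
                      r"duration (\d+):(\d\d):(\d\d) bytes (\d+)")


def aged_out_flows(log, idle=timedelta(minutes=2), slack=timedelta(seconds=10)):
    """Return (conn_id, peer_ip, peer_port, seconds, bytes) for UDP flows whose
    lifetime is within `slack` of the idle timeout, i.e. flows that carried
    traffic only at the start and then sat idle until the ASA removed them."""
    built = {}
    flagged = []
    for line in log.splitlines():
        m = BUILT.search(line)
        if m:
            # Remember the first endpoint of the connection, keyed by connection ID.
            built[m.group(1)] = (m.group(2), int(m.group(3)))
            continue
        m = TEARDOWN.search(line)
        if not m:
            continue
        conn_id, h, mnt, s, nbytes = m.groups()
        lifetime = timedelta(hours=int(h), minutes=int(mnt), seconds=int(s))
        peer = built.pop(conn_id, None)
        if peer and idle <= lifetime <= idle + slack:
            flagged.append((conn_id, peer[0], peer[1],
                            int(lifetime.total_seconds()), int(nbytes)))
    return flagged


if __name__ == "__main__":
    for conn_id, ip, port, secs, nbytes in aged_out_flows(SAMPLE_LOG):
        print(f"conn {conn_id} to {ip}/{port}: torn down after {secs}s, {nbytes} bytes")
```

Pass the configured idle timeout as `idle` if it has been changed from the 2-minute default mentioned above.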

VIP Green

Is port 69 allowed through your ASA?  If not, then add it in... and of course remove it after the transfer if required.

--

Please remember to rate and select a correct answer

New Member

Yes, the UDP port is open (UDP transfers work with small files).

VIP Green

I see. Which TFTP server are you using?  I have heard that there are some TFTP servers which do not support larger files, some that require you to adjust some setting to allow for larger transfers, and so on.  I use TFTPD64, which is the 64-bit version of TFTPD32, but have not had any issues with transferring large files using that.

Might be worth a try to change the TFTP server you are using to see if that is the cause of your problem.

http://tftpd32.jounin.net/tftpd32_download.html

--

Please remember to rate and select a correct answer

New Member

Hello,

I tried to use my core switch as TFTP server and also my PC using TFTP 64.

Same issue on both systems (see file attached for TFTP64).

New Member

Hello,

Why do you want to change the UDP timeout value?

Why do you think the ASA is the one at fault here? Have you tried to connect the switch directly to the CME? Does this work? If this also doesn't solve the issue, have you tried using FTP instead of TFTP?
