Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Unable to copy current-config from IPS 4240 to FTP server

I am in the process of upgrading our Signature File at a client site where there is a 4240 installed.

The readme file for Signature S353 indicates that a copy of the running configuration should be saved away.

I have FTP running on my desktop.

I am entering the following command on the IPS at CLI:

bhiips# copy current-config ftp://192.168.5.189

where I am then prompted for my username, then filename, then password.

I watch as the IPS indicates "Generating current config".

The log output of the FTP (Filezilla) shows my FTP connection successful, but then it bombs. Here is an excerpt:

00151) 08/27/2008 15:45:47 PM - (not logged in) (192.168.10.53)> Connected, sending welcome message...

(000151) 08/27/2008 15:45:47 PM - (not logged in) (192.168.10.53)> 220-FileZilla Server version 0.9.24 beta

(000151) 08/27/2008 15:45:47 PM - (not logged in) (192.168.10.53)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)

(000151) 08/27/2008 15:45:47 PM - (not logged in) (192.168.10.53)> 220 Please visit http://sourceforge.net/projects/filezilla/

(000151) 08/27/2008 15:45:47 PM - (not logged in) (192.168.10.53)> USER Kevin

(000151) 08/27/2008 15:45:47 PM - (not logged in) (192.168.10.53)> 331 Password required for kevin

(000151) 08/27/2008 15:45:47 PM - (not logged in) (192.168.10.53)> PASS ***

(000151) 08/27/2008 15:45:47 PM - kevin (192.168.10.53)> 230 Logged on

(000151) 08/27/2008 15:45:47 PM - kevin (192.168.10.53)> PWD

(000151) 08/27/2008 15:45:47 PM - kevin (192.168.10.53)> 257 "/" is current directory.

(000151) 08/27/2008 15:45:47 PM - kevin (192.168.10.53)> EPSV

(000151) 08/27/2008 15:45:47 PM - kevin (192.168.10.53)> 229 Entering Extended Passive Mode (|||2125|)

(000151) 08/27/2008 15:45:47 PM - kevin (192.168.10.53)> TYPE I

(000151) 08/27/2008 15:45:47 PM - kevin (192.168.10.53)> 200 Type set to I

(000151) 08/27/2008 15:45:47 PM - kevin (192.168.10.53)> STOR current

(000151) 08/27/2008 15:45:47 PM - kevin (192.168.10.53)> 550 Permission denied

(000151) 08/27/2008 15:45:47 PM - kevin (192.168.10.53)> disconnected.

What could be the problem here? I checked the Windows Firewall on my workstation at 192.168.5.189,but it is turned off. I am not sure why I cant save the config away.

It is holding me up from moving forward with the upgrade to Sig 353.

thx

3 REPLIES
Cisco Employee

Re: Unable to copy current-config from IPS 4240 to FTP server

Have you checked permissions on your FTP server to see if a client is able to PUT a file onto your FTP server.

Try connecting from a separate windows PC to your FTP server and login with the userid and password you are using in your copy command. And then try to push a file with a similar name on to your FTP server.

It could be that the FTP server is not configured to allow that userid to put a file on the server.

When you try the above test try and use an FTP client that supports Passive mode. There might be a problem with passive mode on your FTP server.

You might also try running another test from the sensor, but this time instead of copying the configuration try copying the license file from the sensor to your ftp server.

Gold

Re: Unable to copy current-config from IPS 4240 to FTP server

k-melton -

From the looks for your filzilla log, the username does not have write permission on the FTP server. Check user "kevin"'s account privledges.

(000151) 08/27/2008 15:45:47 PM - kevin (192.168.10.53)> STOR current

(000151) 08/27/2008 15:45:47 PM - kevin (192.168.10.53)> 550 Permission denied

Re: Unable to copy current-config from IPS 4240 to FTP server

Go to FileZilla Server Interface >> User and Group Settings >> Select the user >> Add a 'directory' , Give him both read and right permissions.

Regards

Farrukh

1137
Views
0
Helpful
3
Replies
CreatePlease to create content