
Transfer ASDM image to ASA over anyconnect VPN connection

Zach Smith
Level 1

I'm fairly new to the ASA firewalls. My previous firewall experience is on a different vendor firewall. I'm working with an ASA 5515-X running ASA 915 and ASDM 713. I am connecting from Windows 8 and therefore need to upgrade the ASDM to 731. I have done this before no problem. My issue with this particular upgrade is I really need to upload the image over a VPN connection. I cannot set up a NAT on my end to allow the ASA to connect to my public IP - so I can connect to the ASA via AnyConnect. I can SSH into the ASA's public IP (for now) but I obviously cannot transfer the ASDM image over my public IP b/c I have no NAT on my end. So I connect my PC to the AnyConnect service and get a VPN IP. I need to issue the command:

 

copy ftp://user:pass@VPN-IP/asdm-731.bin disk0:

 

I get the following output:

Accessing ftp://user:pass@10.255.250.10/asdm-731.bin...
%Error opening ftp://user:pass@10.255.250.10/asdm-731.bin (Permission denied)

 

Anyone know good ways to troubleshoot this via CLI only? 

 

Thanks for your help.

 

Zach

Accepted Solution

Lovleen Arora
Level 1

Looks like an FTP permission issue. Does the user have read access? Also make sure your Windows 8 machine is listening for FTP requests on the VPN virtual adapter.

One other option is to use a jump host in your LAN behind the ASA, and then open ASDM from there. Using ASDM, it will be easier to copy the file to the ASA flash.

 


2 Replies


I agree that the original problem looks like an FTP permissions issue. Troubleshooting that would be a way to solve this.

 

I wonder about the suggestion to use a jump host in the LAN. I agree that using ASDM is an easier way to solve this issue. But I would think that running ASDM from the AnyConnect session should work (assuming that the ASA is configured to allow ASDM from the VPN address pool).

 

HTH

 

Rick
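
Added example, not part of the original posts: a Python sketch that runs the two checks from the accepted answer (is an FTP service listening on the VPN adapter address, and can the account read the file) and reports which step fails first. The function name `check_ftp_source` and the stage labels are hypothetical; the address, credentials and file name are the placeholders from the question.

```python
import ftplib

def check_ftp_source(host, user, password, filename, port=21, timeout=5):
    """Act as an FTP client against the PC's FTP service and return
    (stage, detail) for the first step that fails, or ("ok", bytes_read)."""
    ftp = ftplib.FTP()
    try:
        # Step 1: is an FTP service answering on this address (the VPN adapter IP)?
        try:
            ftp.connect(host, port, timeout=timeout)
        except ftplib.all_errors as exc:
            return ("not_listening", str(exc))
        # Step 2: does the server accept this account at all?
        try:
            ftp.login(user, password)
        except ftplib.all_errors as exc:
            return ("login_rejected", str(exc))
        # Step 3: can the account open the file for reading? Only the first
        # block is fetched. A 550 reply here covers both a missing file and
        # missing read permission, so the server's text is returned as detail.
        try:
            ftp.voidcmd("TYPE I")
            data = ftp.transfercmd("RETR " + filename)
            try:
                first = data.recv(4096)
            finally:
                data.close()
        except ftplib.all_errors as exc:
            return ("read_failed", str(exc))
        return ("ok", len(first))
    finally:
        ftp.close()

if __name__ == "__main__":
    # Placeholder values taken from the question; replace with real ones.
    print(check_ftp_source("10.255.250.10", "user", "pass", "asdm-731.bin"))
```

Run on the PC itself, this confirms the bind address and the account; it does not exercise host firewall rules for traffic arriving through the tunnel.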
