Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Transfer ASDM image to ASA over anyconnect VPN connection

I'm fairly new to the ASA firewalls.  My previous firewall experience is on a different vendor firewall.  I'm working with an ASA 5515-X running ASA 915 and ASDM 713.  I am connecting from Windows 8 and therefore need to upgrade the ASDM to 731.  I have done this before no problem.  My issue with this particular upgrade is I really need to upload the image over a VPN connection.  I cannot setup a NAT on my end to allow the ASA to connect to my public IP - so I can connect to the ASA via anyconnect.  I can SSH into the ASA's public IP (for now) but I obviously cannot transfer the asdm image over my public IP b/c I have no NAT on my end.  So I connect my PC to the anyconnect service and get a VPN IP.  I need to issue the command:

 

copy ftp://user:pass@VPN-IP/asdm-731.bin disk0:

 

I get the following output: Accessing ftp://user:pass@10.255.250.10/asdm-731.bin...
%Error opening ftp://user:pass@10.255.250.10/asdm-731.bin (Permission denied)

 

Anyone know good ways to troubleshoot this via CLI only? 

 

Thanks for your help.

 

Zach

  • Security Management
1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Looks like an FTP permission

Looks like an FTP permission issue . Does the user have read access? Also make sure your win 8 is listening to FTP requests on VPN virtual adapter.

one of the other option is to use a jump host in ur lan behind asa, and then open the asdm from there, using asdm, it will be easier to copy the file to asa flash.

 

2 REPLIES
New Member

Looks like an FTP permission

Looks like an FTP permission issue . Does the user have read access? Also make sure your win 8 is listening to FTP requests on VPN virtual adapter.

one of the other option is to use a jump host in ur lan behind asa, and then open the asdm from there, using asdm, it will be easier to copy the file to asa flash.

 

Hall of Fame Super Silver

I agree that the original

I agree that the original problem looks like FTP permissions issue. Troubleshooting that would be a way to solve this.

 

I wonder about the suggestion to use a jump host in the lan. I agree that using ASDM is an easier way to solve this issue. But I would think that running ASDM from the AnyConnect session should work (assuming that the ASA is configured to allow ASDM from the VPN address pool).

 

HTH

 

Rick

181
Views
0
Helpful
2
Replies
This widget could not be displayed.