Cisco Firewall :: Backup ASA-5510 From A Server Via TFTP?

May 29, 2012

ow to backup Cisco ASA-5510 from a Linux server via TFTP?I do know how to backup a switch or a router. Basically creating an access list such as:
access-list 55 remark PERMIT hosts requesting TFTP access
access-list 55 permit host
and allowing access to
tftp-server nvram:startup-config 55
all this inside the router or the switch. From the Linux box just running a simple command such as:
tftp -c get startup-config newbackup.conf
where is the IP address of the switch and newbackup.conf is the name of the config file stored on the Linux machine.So, how do I do that with an ASA box? how to backup ASA from inside it.

View 1 Replies


Cisco VPN :: ASA 5505 Backup Configuration To TFTP Server?

Oct 4, 2011

Is there a way to backup the configuration file to a tftp server? I've tried "copy start tftp" and copy run tftp". No luck, I get an error message.

View 1 Replies View Related

Cisco Infrastructure :: 831 - Cannot Backup Config To Local TFTP Server

May 24, 2012

I have a Cisco 831 router (c831-k9o3y6-mz.124-5c.bin) that cannot backup the config to a local tftp server.  I have seen this behavior on a few different Cisco devices over the years and have never found a solution.  The connection is made to the tftp server (in this case tftpd but similar behavior on any tftp server) and a blank file is created on the target machine file system, but the data is never transferred.
The router shows %Error opening tftp:// (Timed out) [Failed]
The tftpd log shows 5 repeated attempts at the file write.
Connection received from on port 53570 [25/05 11:56:40.922]
Write request for file <router-confg>. Mode octet [25/05 11:56:40.922]
Using local port 61607 [25/05 11:56:40.922]
<router-confg>: rcvd 0 blk, 0 bytes in 3 s. 0 blk resent [25/05 11:56:43.922]
Connection received from on port 53570 [25/05 11:56:43.923]

This is also stopping me upgrading the image on the router as I cannot transfer in the other direction either.

View 1 Replies View Related

Cisco Switching/Routing :: 4506e Start-up Config Backup To Tftp Server

Mar 15, 2012

how can i take backup of startup config to tftp server through tftpd server.I am using 4506e switch

View 2 Replies View Related

Cisco Security :: PIX 501 Resetting Firewall - Cannot Connect To TFTP Server

Aug 26, 2012

I have been trying to get a PIX 501 firewall reset and have been having the hardest time. Im a student and this is my first experience with a firewall. I have been going through the steps here URL,I cant seem to connect to the tftp server, I have several nic's on my computer and tried them both and even plugged the firewall to the router and tried to use the gateway to connect but it doesn't seem to want to even ping for me.

View 4 Replies View Related

Cisco VPN :: 5510 - AnyConnect Backup Server When Session Limit Hit

Mar 21, 2012

Is it possible for AnyConnect to utilise the backup server defined in the connection profile when the session limit is hit on an ASA?  Essentially if I hit the 250 limit on my ASA 5510 in Region A, will it try the backup server ASA defined in the connection profile which is in Region B?
From what I have read, the backup server only kicks in when the AnyConnect client cannot connect, but in this scenario it will connect but get an error message.

View 1 Replies View Related

Cisco WAN :: Unable To Take Backup Of Switch C2960 Using Copy Flash - Tftp

Jul 27, 2011

I m unable to take backup of Switch c2960 using
#Copy flash: tftp
while i m taking it show some error
t#copy flash: tftp:
Source filename []? c2960-lanbasek9-mz.122-44.SE6
Address or name of remote host []?
Destination file name [c2960-lanbasek9-mz.122-44.SE6]?
%Error reading flash:c2960-lanbasek9-mz.122-44.SE6(Is a directory)
sh flash:
Directory of flash:/
    2  -rwx        1919   Mar 1 1993 10:27:17 +05:30  private-config.text
    3  -rwx       11056   Mar 1 1993 10:27:17 +05:30  config.text
    4  -rwx         804   Mar 1 1993 05:30:42 +05:30  vlan.dat
    6  -rwx        2072   Mar 1 1993 10:27:17 +05:30  multiple-fs
    7  drwx         192   Mar 1 1993 05:37:02 +05:30  c2960-lanbasek9-mz.122-44.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - ISP Backup Setup

Apr 5, 2011

I would like to setup backup ISP in our ASA5510.   Right now the the firewall has for default gateway following command:
"route outside 114.324.321.33 1"  i am changing this to route outside 114.324.321.33 10 track 1 i can setup sla monitoring. As soon as i do the above command and remove the original "route outside 114.324.321.33 1" from asa then internet connection drops. Right now asa interface Ethernet0/0 has main isp configured and configuring  interface Ethernet0/3 as backup. interface Ethernet0/3 name if backup security-level 0 ip address 114.324.321.34 no shut global (backup) 1 interface.
route outside 114.324.321.33 10 track 1 ( Right now in firewall i have" route outside 114.324.321.33 1 " ) route backup 20 track 2
track 1 rtr 1 reach ability
track 2 rtr 2 reach ability

sla monitor 1type echo protocol ipIcmpEcho 114.324.321.33 interface outside sla monitor schedule 1 life forever start-time now sla monitor 2type echo protocol ip Icmp Echo interface backup sla monitor schedule 2 life forever start-time now. Also our firewall has site to site vpn and 1 main ip configured for exchange and remote access. 

View 4 Replies View Related

Cisco Firewall :: Internet Doesn't Work On ASA 5510 For Backup ISP

Feb 15, 2012

I have a ASA 5510. I setup basic configuration to test internet with 2 ISPs. My first line works with out any problem. But my second line doesn't work. Even when i wipe the configuration, and setup only my second isp. Internet doesn't work. Can you tell me if there is anything wrong with this config?
CaaaA01#  sh run
: Saved
ASA Version 8.3(1)
hostname CaaaA01


View 2 Replies View Related

Cisco Firewall :: Backup ASA 5510 Multiple Context Mode

Oct 19, 2011

I am running a ASA 5510 in multiple context mode. IOS 6.4(2), ASDM 6.4(5)106.
In older ios/asdm versions it was possible to backup the configuration using ASDM.

In 6.4(5)106 i am missing this feature (see attachment)
Is it possible to backup a multiple context firewall using ASDM and above mentioned software versions?

View 3 Replies View Related

Cisco Firewall :: Use ASA 5510 Smart Call Home Feature For Automatic Backup Creation By Email

Feb 10, 2013

I am trying to use the built in feature of Cisco ASA 5510 smart call home feature with the purpose of automatic backup creation by email. I found the configuration [URL]. I already configured the said instructions but when I send a test email it says it cannot contact the email server. Below is the error that I am getting from our ASA. I am new to firewall.

OGI-MNL-ASA-FW0# call-home test profile ASA_Config_Backup
INFO: Sending test message to
ERROR: Connecting to SMTP server failed: CONNECT_FAILED(33)

View 1 Replies View Related

Cisco Firewall :: ASA 5510 / Add A Mail Server In The LAN And A Webmail Using Port 3000 On The Server?

Jul 24, 2011

I'am using ASA 5510 and I try to understand how PAT is working.I want to add a Mail Server in the LAN and a webmail using port 3000 on the server. ( webmail must be reachable from the WAN)This is my Configuration :actually LAN users access internet using NAT with one global IP ( 194.x.x.69) which is the ASA WAN interface.

WAN ----- ISP Router ----------     FW     ---------- LAN -------- Mail Server + Webmail
|             (25) | (3000)
I need to forward port 3000 and port 25 from outside to inside.For example, from the WAN : [URL] must be redirect toward . What is the Correct Configuration ? And what about the Inside/Outside Traffic,Is there any configuration to add ?

View 2 Replies View Related

Cisco :: LMS 4.2 - Use It As TFTP Server Not Working

Nov 5, 2012

We have a LMS 4.2 installed. And I see the tftp port is open on it. however, every time, i tried to "copy running tftp" to the LMS from a switch, it says the Trying to connect to tftp server Connection to Server Established.TFTP put operation failed:Access violation
i seem not be able to find where to configure the tftp server.

View 2 Replies View Related

Cisco :: Can A Phone Register To Tftp Server From Another LAN

Mar 30, 2012

I am trying to implement a small VoIP LAN (you can see the lan in attachments)for a personal project. I am using:

- 2 x XP (on which i installed Cisco IP Communicator
- 1 x Ubuntu (running GNS3 with a c3600 Router)

The problem is that the phone which is not in the same LAN with the tftp server cannot register.

1) Can a phone register to a tftp server from another LAN ?
2) If the answer for 1) is yes, what am i doing wrong (you can see the details in the attachments)? I mention that the ping works well anywhere in the LAN.

View 11 Replies View Related

Cisco :: IP Phone Getting Firmware From TFTP Server?

Jan 8, 2012

I have a questions on an Ip phone when getting the firmware from the TFTP server (e.g. CME) after bootup,- After the registration with CME, the IP phone will getting an auto config file which is the Default.xml file. - The CME will acts a a TFTP server which contains all the IP phone's firmware for different models like 7970 and 7640 in different directories.- The CME have configured with the directory path for all the IP phone when the IP phone come to TFTP and acquired the firmware.Let say I have a phone registered is 7970 and what is the mechanism that governs that my 7970 is not downloading the wrong firmware from the TFTP? Let say it might wrongly downloaded the 7640 firmware? Who take care of this? The phone itself? or the CME will tell the IP phone to take only the 7970 firmware via the Default.xml file?

View 1 Replies View Related

Cisco Infrastructure :: Using Catalyst 5500 As A TFTP Server?

Mar 11, 2003

I need to do one Catalyst 5500 as a TFTP server.Can I do it?Is the catalyst available to be a tftp server?

View 4 Replies View Related

Cisco Switching/Routing :: 3750 - How To Set Up TFTP Server

Feb 3, 2013

How do i go about setting up a TFTP server from laptop to Cisco ws-C3750 48P Switch, I need to pull the image off the switch and place it on an other switch that has a corrupt image, The switch which is corrupted is the same as above Cisco ws-C3750 48P.

View 1 Replies View Related

Cisco Wireless :: C1140-k9w7 WAP Times Out TFTP Server

Nov 15, 2012

I am trying to convert two Aironet 1141n access points to autonomous stand-alone units.  I have connected the console cable and I can see the unit giving information in the console window, but I cannot type any commands.  When I try to get the unit to upload the c1140-k9w7-tar.default file by holding the mode button in for 20-30 seconds, it shows it is examining the file, and then states that the connection to the tftp server has timed out.  My windows firewall is off, the interface is configured as and the tftp server is showing that.

View 15 Replies View Related

Cisco Switching/Routing :: WS-C6509-E - Possible To Boot IOS From TFTP Server

Oct 21, 2012

I have been looking at grading the IOS version on our 6509-E however there is not enough space on disk:0 to upgrade to the version I need to install. The question I would like to ask is - is it possible to boot the IOS from a TFTP server? If this is possible what configuration do I need on the 6509 to enable this. How does the 6509 know about the TFTP server as an IOS is not installed and therefore it will not have a network configuration

View 2 Replies View Related

D-Link DIR-825 :: Ddwrt Firmware Are Able To Set Up Additional Tftp Server

Jan 15, 2012

I wonder if dir825 with ddwrt firmware  are able to set up additional tftp server? I try to serve dir825 both as tftp server and dhcp server to allow remote client to have pxe booting from it.  (  the booting image file would be located in external HD attatched to dir825's usb port )

View 1 Replies View Related

Cisco Switching/Routing :: Transfer Configuration From TFTP Server To 4507 And 6513

Apr 12, 2012

I need to transfer a config from a TFTP Server to a 4507 and a 6513. When I transfer the config to both those switches, does it require a reboot?

View 5 Replies View Related

Cisco Switching/Routing :: Error While Upgrading IOS On 2960 Switch Using Tftp Server

Apr 29, 2013

I am trying to copy IOS from my TFTP server which is on my laptop to cisco 2960 switch
I am able to ping to switch from my laptop, connectivity is fine, tftp server is running
Current Image on Switch --> C2960-LANBASE-MZ.122-25.SEE3.bin -->  trying to upgrade to --> c2960-lanbasek9-mz.122-53.SE2
I am getting below error when trying to upgarde IOS:
2960-SW#copy tftp: flash:           
Address or name of remote host []? 10.1.x.x
Source filename []? c2960-lanbasek9-mz.122-53.SE2


View 6 Replies View Related

Cisco Firewall :: ASA 5510 - Accessing Web Server From Another One Within DMZ?

Nov 19, 2012

Is this possible and if so what commands do i need to configure on my ASA 5510 for it to work.I have two web server within my DMZ and i want to access the outside url of on on the web server from the other. Currently i can access the internet from both webserver server but not the url form either webservers.
E.g. config
webserver 1 ---> public ip---> dmz ip
webserver 2 ---> public ip---> dmz ip

View 2 Replies View Related

Cisco Firewall :: ASA 5510 - Cannot Access Web Server

Mar 23, 2013

I bought ASA 5510 about a week ago, very basic configuration and my priority was and still to get access list inbound the outside “Security Level 0 “so I can access my web server from the cloud but unfortunately I could not make it work (((TCP access denied by ACL from 92.40.X.X/52511 to outside:81.108.X.X/80))). ••à>> 92.40.X.X is a pc from the cloud that I used to access my web server and the 81.108.X.X is my public ip address My recent Conf is as follow:

Nat Section:
nat (inside,outside) source dynamic any interface <<<To have the PCs that inside the Network to have access to Internet>>>>


View 4 Replies View Related

Cisco Firewall :: DNS Server Group On ASA 5510

Apr 5, 2011

I can not have "dns server-group" on my asa 5510, could you tell me how to get this command in my ASA 5510.

View 3 Replies View Related

D-Link DIR-655 :: Security Scan Fails With TFTP Server Open / How To Close

Mar 18, 2013

Recently had an external security scan done on my DIR 655 and scan results are stating I have an accessible TFTP Server running. i've been through all the settings, and even upgraded to the latest firmware. Yet security scans are telling me I've got a TFTP Server running. Why would one be showing on the external interface, and how can I stop it?

View 7 Replies View Related

Cisco Firewall :: ASA 5510 - Configuration For Authentication With ACS 5.X Server

Dec 30, 2012

when we are configuring ASA 5510 8.2(5) for Authenticating with ACS 5.X Server is not authentication fail error.

View 2 Replies View Related

Cisco Firewall :: ASA 5510 Server's NAT Address Not Changing

Nov 16, 2011

I added a new server and created a new static NAT assignment on the ASA 5510 to the server's IP.  When I browse to the web to check what public IP it's reporting, it shows the wrong IP.  I disabled the network interface on the server, ran "clear xslate", reenabled the network interface, ran "sho xlate" and while the correct translation was in the table, the server still reported the wrong IP address.I even ran a packet trace and it showed the IP address being correctly translated to the proper public IP, but when I browse to the web I get the same erroneous public IP. [code]

View 8 Replies View Related

Cisco Firewall :: ASA 5510 Server IAS First Authentication Failed

Jun 5, 2011

I have a little problem with my ASA 5510 version 8.2(1) with a IAS server RADIUS for strong authentication.
I have configured a double authentication for my client to access SSL portal:
First authentication: AD serverSecondary authentication: IAS for my token SAFENET ALADDIN The server IAS is declared on a W2K3 and it's standard.
The problem I have is that after more than 24hours of unutilization, when i try to log in, my authentication failed the first time and then the other tries work fine as long as I use it in a period of 24hours.
I first thought about the timeout so i tried to put a "timeout" of 15seconds for AD and IAS servers and a "retry intervall" of 3 seconds, it doesn't change much.
Is there a tool/option in the ASA to check connectivity with the radius every 1h for example.

View 4 Replies View Related

Cisco Firewall :: ASA 5510 - Can't Access Server On Different Subnet

Sep 7, 2011

First off, let me preface this by saying that I'm a novice when it comes to firewalls and more specifically, the ASA.  I do however, have an above average understanding of switches/routers.
We have an ASA 5510 running 8.3 and recently I've decided to clean up the last admin's mess.  All hosts and servers are on the same subnet, multiple subnets on the same VLAN... and a slew of other problems.  Anyway, I recently placed the IT department on another subnet to test some things out before I migrated other departments to different networks.  Everything seems to be working as it should be with the exception of one of our servers.  The IT subnet is and the problem server is on the network.  I'm guessing the issue lies somewhere in the fact this server does have a static NAT and is accessible from the public.  Let me give you an overview of what our network looks like:
ISP ---->ASA----->3750----->2960
My workstation is directly plugged into the 3750 switch, and the server is plugged into the 2960.  I'm able to ping this server by both IP and hostname.  However, I cannot access port 80 by IP or hostname.  The users that are on the 192.168.10 and 192.168.11 (sadly both of those are on the same VLAN) network are able to access this server without a problem.  Thinking logically, I thought I would send a packet from my workstation, it would head to the layer 3 switch's VLAN interface corresponding to my subnet, realize the .10 network is directly connected and then forward the packet straight to the server.  However, it doesn't seem to be working that way.  It look like it's being routed to the ASA then being dropped.  I guess there's an access rule or firewall rule preventing me from getting to the server.  Is there a specific part of my config you will need to see...

View 15 Replies View Related

Cisco Firewall :: 5510 Client Need Small Server With VPN

Feb 26, 2011

We have cisco 5510 and on our floor we have client who we provide internet connection.  One of our client has small server and 2 computers and they want setup vpn connection so they can access their server from outside.  We have only one static public ip for firewall and exchange.  We don't want provide another public static ip to the our client so they can setup the vpn.  Is their any other way to setup vpn for them? can they the use our 1 public ip for vpn?

View 11 Replies View Related

Cisco Firewall :: ASA 5510 Email And Terminal Server Going Out

Mar 5, 2011

I am having two issues:
1. my email going out is working along with internal, but inbound email is not working. My barracuda email filter is and my exchange 2007 is along with this OWA does not work.
2. Terminal Services does not work when I try from the home pc in I get server not available or disconnected

Below is my congig

ASA Version 8.3(1)!hostname wsigatewaydomain-name wsystems.comenable password yVSkMxWRc/S396FB encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Ethernet0/0 nameif outside security-level 0 ip address 64.XXX.XXX.XXX 255.XXX.XXX.XXXinterface Ethernet0/1 nameif inside security-level 100 ip address!interface Ethernet0/2 shutdown no nameif no security-level no ip address!interface Ethernet0/3 [Code]....

View 2 Replies View Related

Cisco Firewall :: 5510 8.3 (1) Static Nat For Web Servers And FTP Server As Well

Sep 13, 2011

I got the charge of a ASA 5510 running with 8.3(1) version.Found that this is simple config with Patting for inside host and couple of Static Nat for web servers and FTP server as well.
There is lots of other configuration being done,I assume for the purpose of just R&D by the previous administrator.I need to understand if the following Nat statements holding any relevance?
Where we are running Only  NETWORK_OBJ_192.168.0.0/23 subnet at inside and there is no other subnet defined in rest of the statements.i.e and doesn't exist at all.

View 1 Replies View Related

Copyrights 2005-15, All rights reserved