Trivial File Transfer Protocol (TFTP) has long been the natural choice for transferring files on a Cisco device, but it has some weaknesses:

  • It’s not reliable, since it doesn’t use TCP
  • Since it’s not using TCP, every packet has to be acknowledged before the next one can be sent
  • No support for encryption of traffic
  • It takes a long time to transfer large files

So why do we still use TFTP? Mostly because it’s simple to set up and because we are used to it. File Transfer Protocol (FTP) overcomes most of the weaknesses of TFTP. It’s reliable because it uses TCP for transport. Several packets can be sent before an acknowledgement is needed. It’s much faster. It is not encrypted, but if encryption is a must, Secure Copy (SCP) can be used.

Transferring a file from an FTP server to a Cisco ASA is very easy. First you need an FTP server; I use Quick ‘n Easy FTP Server Lite. This is the syntax to transfer a file:

copy ftp://user:password@serverip/filename disk0:

Replace user and password with the real username and password; serverip is the IP address used by the FTP server. filename is the name of the file to transfer, and disk0: is the destination for the file. I did some ASA upgrades last week and I was shocked at how much faster it is than TFTP, so I highly recommend you start using it.

Transferring files with FTP (Cisco ASA)

9 thoughts on “Transferring files with FTP (Cisco ASA)”

  • Pingback:2010 in review « Daniels quest for CCIE

  • February 16, 2012 at 1:59 am

    Hey thanks man, this is great, didn’t know you could pass credentials like that. Very helpful!

  • March 20, 2012 at 5:18 pm

    Beautiful and simple thing. Thanks!

  • August 7, 2014 at 9:39 am

    What is the command to copy a file from disk0: to an FTP server?

    copy disk0:/AnyConnect_client_profile.xml ftp://admin:[email protected]/AnyConnect_client_profile.xml

    Source filename [AnyConnect_client_profile.xml]?

    Address or name of remote host [192.168.102.243]?

    Destination username [admin]?

    Destination password [anonymous]?

    Destination filename [AnyConnect_client_profile.xml]?

    %Error writing ftp://admin:[email protected]/AnyConnect_client_profile.xml ()
    India-CiscoASA(config)#

    Thanks

    • August 7, 2014 at 10:23 am

      Your syntax looks correct. Are you sure the FTP is working and allowing uploads?

  • August 7, 2014 at 10:58 am

    I was able to download a file from my FTP server.
    I am actually running FileZilla Server on my Windows machine,
    and the folder I use for FTP has been given full control.

    Thanks

  • August 7, 2014 at 10:59 am

    Looks like the server is not allowing it??

    (000032)8/7/2014 13:14:30 PM – (not logged in) (192.168.101.197)> Connected on port 21, sending welcome message…
    (000032)8/7/2014 13:14:30 PM – (not logged in) (192.168.101.197)> 220-FileZilla Server version 0.9.46 beta
    (000032)8/7/2014 13:14:30 PM – (not logged in) (192.168.101.197)> 220-written by Tim Kosse ([email protected])
    (000032)8/7/2014 13:14:30 PM – (not logged in) (192.168.101.197)> 220 Please visit http://sourceforge.net/projects/filezilla/
    (000032)8/7/2014 13:14:30 PM – (not logged in) (192.168.101.197)> USER admin
    (000032)8/7/2014 13:14:30 PM – (not logged in) (192.168.101.197)> 331 Password required for admin
    (000032)8/7/2014 13:14:30 PM – (not logged in) (192.168.101.197)> PASS *********
    (000032)8/7/2014 13:14:30 PM – admin (192.168.101.197)> 230 Logged on
    (000032)8/7/2014 13:14:30 PM – admin (192.168.101.197)> TYPE I
    (000032)8/7/2014 13:14:30 PM – admin (192.168.101.197)> 200 Type set to I
    (000032)8/7/2014 13:14:30 PM – admin (192.168.101.197)> PORT 192,168,101,197,68,206
    (000032)8/7/2014 13:14:30 PM – admin (192.168.101.197)> 200 Port command successful
    (000032)8/7/2014 13:14:30 PM – admin (192.168.101.197)> STOR AnyConnect_client_profile.txt
    (000032)8/7/2014 13:14:30 PM – admin (192.168.101.197)> 550 Permission denied
    (000032)8/7/2014 13:14:30 PM – admin (192.168.101.197)> QUIT
    (000032)8/7/2014 13:14:30 PM – admin (192.168.101.197)> 221 Goodbye
    (000032)8/7/2014 13:14:30 PM – admin (192.168.101.197)> disconnected.

    Thanks
    Saleh

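Added example, not part of the original post or its comments: a small Python parser for the FileZilla Server log layout quoted in the comment above. It pairs each FTP command with the server's final reply per session and returns the commands the server refused, along with the address from the session's PORT command. The sample lines are abridged from that log plus one constructed session (000033); the function and field names are assumptions of this example.

```python
import re

# Abridged from the log quoted in the comment above; session 000033 is constructed.
SAMPLE_LOG = """\
(000032)8/7/2014 13:14:30 PM - (not logged in) (192.168.101.197)> USER admin
(000032)8/7/2014 13:14:30 PM - (not logged in) (192.168.101.197)> 331 Password required for admin
(000032)8/7/2014 13:14:30 PM - admin (192.168.101.197)> 230 Logged on
(000032)8/7/2014 13:14:30 PM - admin (192.168.101.197)> PORT 192,168,101,197,68,206
(000032)8/7/2014 13:14:30 PM - admin (192.168.101.197)> 200 Port command successful
(000032)8/7/2014 13:14:30 PM - admin (192.168.101.197)> STOR AnyConnect_client_profile.txt
(000032)8/7/2014 13:14:30 PM - admin (192.168.101.197)> 550 Permission denied
(000033)8/7/2014 13:20:02 PM - admin (192.168.101.197)> RETR asa-image.bin
(000033)8/7/2014 13:20:02 PM - admin (192.168.101.197)> 150 Opening data channel
"""
LINE = re.compile(r"^\((\d+)\)(.+?) [-\u2013] (.+?) \(([\d.]+)\)> (.*)$")
REPLY = re.compile(r"^(\d{3})([ -])(.*)$")

def decode_port(arg):
    """PORT h1,h2,h3,h4,p1,p2 -> (ip, port) the server connects back to."""
    n = [int(x) for x in arg.split(",")]
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def rejected_commands(log_text):
    """Return commands whose final reply was 4xx/5xx, tracked per session id."""
    pending, data_addr, findings = {}, {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        session, when, user, client, msg = m.groups()
        reply = REPLY.match(msg)
        if reply is None:
            verb, _, arg = msg.partition(" ")
            if verb.isupper():  # FTP verb; status text like "disconnected." is skipped
                pending[session] = (verb, "" if verb == "PASS" else arg)
                if verb == "PORT":
                    data_addr[session] = decode_port(arg)
            continue
        code, sep, text = reply.groups()
        # Skip "220-" continuations, 1xx preliminary replies and the unsolicited greeting.
        if sep == "-" or code[0] == "1" or session not in pending:
            continue
        verb, arg = pending.pop(session)
        if code[0] in "45":
            findings.append({"session": session, "time": when, "user": user, "client": client,
                             "command": verb, "arg": arg, "reply": f"{code} {text}",
                             "data_addr": data_addr.get(session)})
    return findings

print(rejected_commands(SAMPLE_LOG))
```

On the sample it reports only the refused STOR in session 000032. The login and the PORT command succeeded, so the refusal is the server's answer to the upload itself.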
    • August 7, 2014 at 12:11 pm

      Yes, it looks like it was denied.

      I usually use Easy FTP Server Lite when I want to set up a quick FTP. It’s easy to set up.

  • January 23, 2017 at 2:32 am

    But how do you make it work over a VPN tunnel? With TFTP you use the ;int=[inside] at the end of the source URL. This does not work in FTP commands.

