5

I have a site to site VPN configured between two ASA 5520s. I have a TFTP server behind ASA1, with an IP of 172.16.1.1 on the "inside" network. I'd like to be able to copy the running config of ASA2 through the VPN to 172.16.1.1, but am unable to do so. I can hit the TFTP server from a machine on the "inside" network of ASA2. Is there a way that I can tell ASA2 to make the TFTP connection from the "inside" network of ASA2, or is there a better solution to this?

Victor Trac

3 Answers

2

Assuming you're using the 'copy' command on the ASA to initiate the transfer, it should be possible to specify the interface that you want the TFTP client (ASA2) to use the IP of (in this case, originating from the 'inside' interface so that it matches the relevant ACLs).

Have a look at the syntax: http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/c.html#wp1970383

It's likely you'll need to issue the command as:

ASA2#copy running-config tftp://[user[:password]@]server[:port]/[path/]filename[;int=interface_name]

1

I think you need to issue this command:

management-access inside

Jason Berg
  • Thank you. I had tried all the steps provided by previous responders and adding your command then allowed my ASA to write the config across the VPN. – Jim Scott Oct 20 '14 at 05:23

1

I'm guessing my IOS doesn't support setting the interface name as an additional tftp parameter:

copy running-config tftp://[user[:password]@]server[:port]/[path/]filename[;int=interface_name]

but I did get it to work by setting the system default tftp server:

tftp-server inside [server] /[filename]
write tftp
Victor Trac