Configuration Example, Firewalling

Secure Copy Server Cisco ASA

René Jorissen on September 16, 2008 1 Comment • Tags: #asa #asdm #copy #puttyscp #scopy #scp #secure #server #ssh

Lately there are a lot of changes in the firmware and the ASDM for the Cisco ASA firewalls. This means a lot of copying from files to the flash memory of the specific appliances. Normally when upgrading the software from an appliance I use a computer on the customer network. This could be my own laptop or I take over a computer remotely.

Using my own laptop is never a problem, but when I would like to upgrade a firewall remotely I first have to build a VPN tunnel. Take over a computer, download the specific software for the appliance. Install some kind of FTP or TFTP service and start the upload procedure.

A couple of weeks ago a friend of mine brought up the Secure Copy Server feature for Cisco ASA appliance. This features gives to the ability to securely upload files remotely to the flash memory of the appliance. Secure copy is a often used feature in the open source community and the usage is simple. It is a very powerful tool, but it never crossed my mind to use it in conjunction with the ASA appliances.

The Secure Copy Server is enabled with the following command:

ssh scopy enable

After enabling the Secure Copy Server you have the ability to securely copy files to the flash memory of the ASA appliance. Linux or Mac OS X users normally use some kind of terminal to establish a secure copy connection. Windows users could use PuttySCP for uploading files to the flash memory. The syntax for using PuttySCP is in general the same as using a Linux shell. The syntax looks like:

pscp.exe <source> <user>@<destination host>:<flash file name>

An example would be:

pscp.exe asa804-k8.bin rene@asa.booches.nl:asa804-k8.bin

I guess I will use this feature more often from now on.

The following two tabs change content below.

René Jorissen

Co-owner and Solution Specialist at 4IP Solutions
René Jorissen works as Solution Specialist for 4IP in the Netherlands. Network Infrastructures are the primary focus. René works with equipment of multiple vendors, like Cisco, Aruba Networks, FortiNet, HP Networking, Juniper Networks, RSA SecurID, AeroHive, Microsoft and many more. René is Aruba Certified Edge Expert (ACEX #26), Aruba Certified Mobility Expert (ACMX #438), Aruba Certified ClearPass Expert (ACCX #725), Aruba Certified Design Expert (ACDX #760), CCNP R&S, FCNSP and Certified Ethical Hacker (CEF) certified. You can follow René on Twitter and LinkedIn.

Latest posts by René Jorissen (see all)

  1. Firman says:

    hi Rene

    I have tried but get response “FATAL ERROR: Network error: Cannot assign requested address”

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.