Filter
Top Products
16-5
Cisco ASDM User Guide
OL-16647-01
Chapter 16 Configuring Management Access
Configuring File Access
Configuring the Security Appliance as a Secure Copy Server
You can enable the secure copy server on the security appliance. Only clients that are allowed to access
the security appliance using SSH can establish a secure copy connection.
This implementation of the secure copy server has the following limitations:
• The server can accept and terminate connections for secure copy, but cannot initiate them.
• The server does not have directory support. The lack of directory support limits remote client access
to the security appliance internal files.
• The server does not support banners.
• The server does not support wildcards.
• The security appliance license must have the VPN-3DES-AES feature to support SSH version 2
connections.
To configure the security appliance as a Secure Copy (SCP) server, perform the following steps:
Step 1 From the Configuration > Device Management > Management Access > File Access > Secure Copy
(SCP) Server pane, check Enable secure copy server.
Step 2 Click Apply.
The changes are saved to the running configuration. The security appliance can function as an SCP
server for transferring files from/to the device.
Configuring the Security Appliance as a TFTP Client
TFTP is a simple client/server file transfer protocol described in RFC783 and RFC1350 Rev. 2. You can
configure the security appliance as a TFTP client so that it can transfer a copy of its running
configuration file to a TFTP server using File > Save Running Configuration to TFTP Client or Tools >
Command Line Interface. In this way, you can back up and propagate configuration files to multiple
security appliances.
The security appliance supports only one TFTP client. The full path to the TFTP client is specified in
Configuration > Device Management > Management Access > File Access > TFTP Client. Once
configured here, you can use a colon (:) to specify the IP address in the CLI configure net and copy
commands. However, any other authentication or configuration of intermediate devices necessary for
communication from the security appliance to the TFTP client is done apart from this function.
To configure the security appliance as a TFTP client for saving configuration files to a TFTP server,
perform the following steps:
Step 1 From the Configuration > Device Management > Management Access > File Access > TFTP Client
pane, check Enable.
Step 2 From the Interface Name drop-down list, choose the interface to use as a TFTP client.
Step 3 In the IP Address field, add the IP address of the TFTP server where configuration files will be saved.
Step 4 In the Path field, add the path to the TFTP server where configuration files will be saved.
For example: /tftpboot/asa/config3
Step 5 Click Apply.