pix question regarding configs and tftp

Discussion in 'Cisco' started by John Smith, Mar 31, 2005.

  1. John Smith

    John Smith Guest

    is there a pix equivalent to the router IOS command "copy tftp start"?
    v.6.3(4)

    it seems that you can't tftp a config *to* the pix, only *from* the pix.
    am i wrong?

    TIA
     
    John Smith, Mar 31, 2005
    #1

  2. :)
    you are wrong

    enable-mode
    config terminal
    config net tftp-srvaddr:path

    See online-help:
    pixfirewall(config)# conf net ?
    Usage: configure [terminal|floppy|memory]
    configure \
    http://[<user>:<password>@]<location>[:<port>]/<pathname>
    configure net [<location>]:[<pathname>]
    configure factory-default [<inside_ip> [<mask>]]
    clear configure [primary|secondary|all]


    Mathias
    John Smith wrote:
    > is there a pix equivalent to the router IOS command "copy tftp start"?
    > v.6.3(4)
    >
    > it seems that you can't tftp a config *to* the pix, only *from* the pix.
    > am i wrong?
    >
    > TIA


    --
    CCIE #11220
    Everything written is MY opinion only, not the one of my company or
    employer unless otherwise noted

    The early bird gets the worm, but the second mouse gets the cheese

    My signature is certified by Fraunhofer Society.
    The root-ca IS trusted but the browser-manufacturers want big $ to have
    it included
     
    Mathias Gaertner, Mar 31, 2005
    #2

  3. John Smith

    John Smith Guest

    cool - thanks....

    On Thu, 31 Mar 2005 16:44:00 +0200, Mathias Gaertner wrote:

    > :)
    > you are wrong
    >
    > enable-mode
    > config terminal
    > config net tftp-srvaddr:path
    >
    > See online-help:
    > pixfirewall(config)# conf net ?
    > Usage: configure [terminal|floppy|memory]
    > configure \
    > http://[<user>:<password>@]<location>[:<port>]/<pathname>
    > configure net [<location>]:[<pathname>]
    > configure factory-default [<inside_ip> [<mask>]]
    > clear configure [primary|secondary|all]
    >
    >
    > Mathias
    > John Smith wrote:
    >> is there a pix equivalent to the router IOS command "copy tftp start"?
    >> v.6.3(4)
    >>
    >> it seems that you can't tftp a config *to* the pix, only *from* the pix.
    >> am i wrong?
    >>
    >> TIA
     
    John Smith, Mar 31, 2005
    #3
  4. In article <>,
    John Smith <> wrote:
    :is there a pix equivalent to the router IOS command "copy tftp start"?
    :v.6.3(4)

    No.


    :it seems that you can't tftp a config *to* the pix, only *from* the pix.
    :am i wrong?

    In PIX thru 6.x, there is only the equivalent of "copy tftp running".
    That is, you can tftp something in, but as it gets tftp'd, it will
    *line by line* get processed and make changes -- and if those
    changes happen to clobber the link to the tftp server, you only
    have until the end of the current tftp block (512 byte boundaries)
    to get the link re-established or your session is gone.

    You should see the hoops I've had to jump through to tftp in
    a new configuration from a remote server over a VPN link.
    (I don't have access to systems at the remote end to temporarily
    store the configuration on for non-VPN access, and the ISP-
    equivalent blocks plain tftp so I can't just turn off the VPN
    link long enough to upload the new config... I have to keep
    the VPN stable while I change it!)
    --
    Usenet is like a slice of lemon, wrapped around a large gold brick.
     
    Walter Roberson, Mar 31, 2005
    #4
  5. John Smith

    d8da Guest

    what version of tftp is being used? I am trying to tftp from a server
    attached to the pix console port. I am using tftpd32. I can not seem to
    get the config from the pix to the server, much less get the
    path/filename correct.

    Any help with that?
     
    d8da, Apr 1, 2005
    #5
  6. In article <>,
    d8da <> wrote:
    :what version of tftp is being used? I am trying to tftp from a server
    :attached to the pix console port.

    Do you mean that literally? The PIX console port is a serial port
    *only*. You have to attach to one of the ethernet interfaces,
    and you have to give the interface an IP address and subnet,
    and you have to configure the 'tftp-server' command (if you know
    the shortcuts you can skip that step -provided- your server
    is connected to the 'inside' interface.)
    --
    Usenet is like a slice of lemon, wrapped around a large gold brick.
     
    Walter Roberson, Apr 1, 2005
    #6
  7. John Smith

    d8da Guest

    no, I am connected from the PIX to my server via the blue cable that
    connects to the server serial port. this is how I get to the pdm. And
    from the pdm I set the IP of the server 192.168.0.3 and the path,
    c:\tools\tftp. But when I use the PDM to save the config, it gives me
    access denied messages. How am I supposed to set the correct path and
    filename?
     
    d8da, Apr 1, 2005
    #7
  8. In article <>,
    d8da <> wrote:
    :c:\tools\tftp. But when I use the PDM to save the config, it gives me
    :access denied messages. How am I supposed to set the correct path and
    :filename?

    It is common (but not universal) that tftp daemons require that
    the destination filename exist before it will allow writing to the
    file. This is a security measure.

    Also, tftp daemons only allow writing to directories they have been
    configured to allow writing to.

    I am not familiar with your particular tftp daemon, so I do not know
    what specific steps are needed to configure it.
    --
    History is a pile of debris -- Laurie Anderson
     
    Walter Roberson, Apr 1, 2005
    #8
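
The two server-side checks described in the reply above (the destination file must already exist, and writes are confined to a configured directory), as an added example that is not part of the original thread and is not the code of any TFTP daemon named in it. It parses an RFC 1350 write request and applies both checks; the function names, the leading-slash mapping and the sample packets are assumptions constructed for illustration.

```python
import os
import struct
import tempfile

OP_WRQ = 2  # RFC 1350 opcode for a write request


def parse_wrq(packet: bytes):
    """Return (filename, mode) from a TFTP WRQ packet; raise ValueError if malformed."""
    if len(packet) < 4 or struct.unpack("!H", packet[:2])[0] != OP_WRQ:
        raise ValueError("not a WRQ")
    fields = packet[2:].split(b"\x00")
    # Expect filename NUL mode NUL, so at least three fields with the first two non-empty.
    if len(fields) < 3 or not fields[0] or not fields[1]:
        raise ValueError("malformed WRQ")
    return fields[0].decode("ascii"), fields[1].decode("ascii").lower()


def check_write(root, filename, require_existing=True):
    """Apply both checks; return (allowed, reason_or_resolved_path)."""
    # Assumption: a leading slash is mapped into the configured root directory.
    rel = filename.replace("\\", "/").lstrip("/")
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, rel))
    # Resolve symlinks and ".." first, then require the target to sit below the root.
    if target == root_real or os.path.commonpath([root_real, target]) != root_real:
        return False, "outside configured directory"
    if require_existing and not os.path.isfile(target):
        return False, "destination file must already exist"
    return True, target


def demo():
    """Run constructed WRQ packets against a temporary TFTP root."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        # The admin pre-creates the file the firewall is allowed to overwrite.
        open(os.path.join(root, "ConfigFile.txt"), "w").close()
        for name in ("/ConfigFile.txt", "new-config.txt", "../outside.txt"):
            pkt = struct.pack("!H", OP_WRQ) + name.encode("ascii") + b"\x00octet\x00"
            fname, _mode = parse_wrq(pkt)
            strict = check_write(root, fname)[0]
            relaxed = check_write(root, fname, require_existing=False)[0]
            results[name] = (strict, relaxed)
    return results


if __name__ == "__main__":
    for name, (strict, relaxed) in demo().items():
        print(f"{name!r}: strict={strict} relaxed={relaxed}")
```

With `require_existing=False` the directory confinement check still applies, so a request that resolves outside the root is refused in both modes.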
  9. John Smith

    d8da Guest

    Thanks for the reply. Can you send the exact tftp server you use and
    the commands? Please?
     
    d8da, Apr 9, 2005
    #9
  10. In article <>,
    d8da <> wrote:
    :Thanks for the reply. Can you send the exact tftp server you use and
    :the commands? Please?

    The only tftp servers that I have had experience with on Windows
    have been:

    - the one with AT&T's "UWin" project
    - (very recently) SolarWinds TFTP.

    The SolarWinds TFTP is not starting itself automatically properly,
    sometimes freezes up, and sometimes thinks that it is already running
    when it is not, requiring a reboot to restore functionality.
    On the other hand, it does not require that the destination file
    be already present.

    For the SolarWinds product, I could not, within a reasonable amount
    of time, determine how to remotely specify an exact destination
    the way I am accustomed to for Unix systems. What I ended up doing
    on the PIX was using a destination file name starting with a
    single forward-slash, which the SolarWinds product automatically
    translated into its pre-configured destination directory
    ( C:\PIX in our setup.)

    tftp-server inside WindowsHostIP /ConfigFile.txt

    then write net would write to C:\PIX\ConfigFile.txt
    --
    "I want to make sure [a user] can't get through ... an online
    experience without hitting a Microsoft ad"
    -- Steve Ballmer [Microsoft Chief Executive]
     
    Walter Roberson, Apr 9, 2005
    #10
  11. John Smith

    d8da Guest

    Thank you for your efforts. I also resolved the problem using tftpd32
    by changing the tftp security settings to "none". Since I was on the
    phone with Cisco for a PDM issue, he also helped me out.

    I appreciate it! Have a great weekend.
     
    d8da, Apr 9, 2005
    #11
