Copy files using SCP: Secure Copy Protocol from one ASA unit to another.

You may want to speed things up and save yourself some time by copying files locally from one ASA firewall to another, rather than copying them from a remote file server somewhere in your DC.

Guess what! You have SCP to the rescue.

What is SCP?

SCP is a network protocol, based on the BSD RCP protocol, that supports file transfers between hosts on a network. SCP uses Secure Shell (SSH) for data transfer and relies on the same mechanisms for authentication, thereby ensuring the authenticity and confidentiality of the data in transit. A client can send (upload) files to a server, optionally including their basic attributes (permissions, timestamps). Clients can also request files or directories from a server (download). SCP runs over TCP port 22 by default.

Things to know before SCP helps!

  1. Ensure you have permitted SSH, on the inside interface, from the IP address of the ASA you are going to copy the file from.

ssh 10.10.10.0 255.255.255.240 inside

Where 10.10.10.0/28 is the subnet of the inside interfaces on my FW pair.

  2. Ensure you have enabled SCP on the FW pair.

conf t

ssh scopy enable
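
Both prerequisites can be checked offline before attempting the copy. The following is an added example, not part of the original article: a Python script that parses saved `show running-config` text, confirms that `ssh scopy enable` is present and that an `ssh` permit covers the peer ASA on the inside interface, and flags permits that are broader than needed. The sample config, the peer address 10.10.10.2 and the /24 breadth threshold are assumptions.

```python
import ipaddress
import re

# Constructed sample of ASA running-config lines (not from a real device).
SAMPLE_CONFIG = """\
hostname FW
ssh 10.10.10.0 255.255.255.240 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh scopy enable
ssh timeout 5
"""

# Matches "ssh <ip> <mask> <interface>" permit lines only.
SSH_PERMIT = re.compile(
    r"^ssh\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$", re.I)


def parse_ssh_config(config_text):
    """Return (scopy_enabled, [(network, interface), ...])."""
    scopy, permits = False, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.lower() == "ssh scopy enable":
            scopy = True
            continue
        m = SSH_PERMIT.match(line)
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            permits.append((net, m.group(3)))
    return scopy, permits


def audit(config_text, peer_ip, interface="inside", min_prefix=24):
    """List missing SCP prerequisites for peer_ip and overly broad permits.

    min_prefix is an assumed threshold: anything wider is reported.
    """
    scopy, permits = parse_ssh_config(config_text)
    peer = ipaddress.ip_address(peer_ip)
    findings = []
    if not scopy:
        findings.append("ssh scopy enable is missing")
    if not any(peer in net and ifc == interface for net, ifc in permits):
        findings.append(f"no ssh permit covers {peer} on {interface}")
    for net, ifc in permits:
        if net.prefixlen < min_prefix:
            findings.append(f"broad ssh permit {net} on {ifc}")
    return findings
```

Calling `audit(SAMPLE_CONFIG, "10.10.10.2")` on the constructed sample reports only the broad permit on the outside interface.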

Things in action! CLI:

FW/pri/act# copy disk0:/FSCK0030.REC scp:FSCK0030.REC

Source filename [FSCK0030.REC]?

Address or name of remote host []? IP_of_FW/sec/stby

Destination username []? Username

Destination filename [FSCK0030.REC]?

If this is the first time using SCP, you have to accept the remote host's SSH host key (answer Yes to accept). Otherwise, the copy will commence.

Are you sure you want to continue connecting (yes/no)? Yes

Warning: Permanently added 'IP_of_FW/sec/stby' (SHA256) to the list of known hosts.

Password: ********************

!!!!

INFO: No digital signature found

4096 bytes copied in 18.520 secs (227 bytes/sec)

Munawar Ansari

Network Engineer L3

2 years ago

ASA is legacy now
