This topic is to discuss the following lesson:
Hi All,
What is/are the file system type(s) used by Cisco IOS (for example the flash: file system)? Similar to Linux file system types - ext2, ext3, etc.
Thanks
Rohan
Hello Rohan
In most cases, the file system used is fat32. This can be seen from the fact that most cisco IOS platforms have the fsck utility which is a FAT filesystem check. Also, most USB flash drives that are used as external storage ports on cisco devices are recommended to be formated as fat32.
Some cisco platforms have the ability to change file systems as well. Depending on the platform, using the IOS command filesystem filesystem-type you are able to format any file system (flash, nvram or usb flash drive) on a Cisco device to fat16, fat32 or qnx4.
I hope this has been helpful!
Laz
Great!
Thanks Lagapides.
1 Like
Why your configuration file is showing in flash , should not it show u in the NVRAM ??
R1#dir
Directory of flash:/
1 -rw- 1119 Sep 29 2015 11:11:52 +00:00 first-test-config.cfg
2 -rw- 1184 Dec 3 2014 15:14:06 +00:00 R1-R2-ASA1-ASA2.cfg
3 -rw- 1125 Dec 23 2014 13:41:32 +00:00 ASA1-first-test-config.cfg
6 -rw- 1060 Aug 11 2015 12:53:50 +00:00 mpls-pe-ce-basic-addressing.cfg
7 -rw- 1213 Sep 30 2015 15:05:02 +00:00 router-on-a-stick.cfgHello Narad
It is true that the startup-config is saved within NVRAM. When a Cisco device boots up, it will look in the NVRAM and it will search for the file named startup-config and it will load it into RAM as the running-config. However, it is possible, and it is common practice, to have several configurations saved within a device. These are not active but are saved as files of different names. These files can be saved in NVRAM or flash. They are simply being stored.
They can easily be enabled by simply copying them to NVRAM and renaming them to startup-config.
I hope this has been helpful!
Laz
1 Like
Thanks sir For your explanation…!!
I have setup a lab test for tftp and encountered some issues.
Is it possible connect tftp server through remote VPN (split tunnel)?
I have a Cisco ASA with VPN configured and a Windows 10 PC with tftp server installed in external network. Firewall on Windows 10 PC has been disabled already.
With remote VPN, I was able to access Cisco ASA from Windows PC.
However, I was not able to connect tftp server from the firewall.
I’m wondering if tftp server can be connected through split-tunnel or not.
I’ve also done the ping test.
Ping from tftp server to ASA firewall is fine but ping from ASA firewall to tftp server failed.
What could be the potential problem?
Since tftp server can receive echo-reply from the firewall, the routing table should be fine.
Hello Po
There is no special configuration necessary to allow connectivity to a TFTP server. If you have network connectivity, then you should be able to use the server, whether that connectivity is over a split tunnel VPN or otherwise.
When you ping from the ASA, it uses the IP address of the exit interface as the source of the ping. When you ping the ASA from the PC, you may be attempting to ping a different interface. This difference may account for the different behavior. Make sure that you are using the same source and destination addresses for all of your tests.
Assuming that connectivity via ping has been established, next you must check the application layer. Check to see that you can successfully connect to the TFTP server from other hosts on the network. Maybe the TFTP server hasn’t been set up correctly?
These thoughts may help you in your troubleshooting process… let us know how you get along!
I hope this has been helpful!
Laz
Hi Laz,
Thanks for your explanation.
If I want to make the ping works, I need to encrypt the exit interface IP (for example, 20.1.1.1) by adding one extra line to the split tunnel, is it correct?
I can connect to the TFTP server from different host. IDo I need to allow tftp port for the split tunnel.
Hello Po
I think I’m getting a better idea about your topology. So you have a Windows PC which is a “remote device” and it connects to the ASA using a VPN. Split tunneling is configured so that the PC can connect to the internet via its own Internet connection, but for destination IP addresses behind the ASA, it must match the split tunneling ACL. And your TFTP server is on that Windows PC. Something like the following diagram that comes from the ASA Remote Access VPN lesson:
Where your Windows PC is at the location of the user in the diagram. Does that sound right?
If that is the case, that kind of setup will allow the Windows PC to have access to the subnets behind the ASA via the split tunneling ACL, but this does not necessarily mean that the ASA will have connectivity to the TFTP server.
If you can ping from the PC to the ASA this is because the ACL is being matched, and return traffic is let through. But you can’t ping from the ASA to the PC because of the default security policies that exist on an ASA, which include security level communication rules.
Now in order to ensure that communication initiated by the ASA will reach that remote client, you must ensure the following:
- Define the ACLs - You need to create an ACL that permits traffic from the ASA to the remote client’s IP address and the specific TFTP port (UDP port 69).
- A VPN filter must be created to ensure that the traffic from the ASA to the remote client is allowed. This is done through the group-policy for the VPN clients. Take a look at the ASA VPN Filter lesson for more details.
- Make sure the split-tunnel ACL includes the ASA’s IP so that the remote client knows to route traffic destined for the ASA over the VPN.
Take a look at these considerations as well in your topology and let us know how you get along.
I hope this has been helpful!
Laz