Cisco SMB Support Assistant

     


                         
     

Recover the Image on an ASA 5500 Series Security Appliance

                 
 


           
 

Introduction

                           
 

This document provides instructions to reinstall the software image on your ASA 5500 series Security Appliance. This document applies to both ASA 5510 and ASA 5505 Adaptive Security Appliance devices.

You need to reinstall the software image in either of these scenarios:

● You reset the ASA 5500 password with password discovery disabled
● The ASA software image is damaged or corrupted

                         
                         

Note: Some command-line output in this document has been truncated for clarity and improved usability.


Requirements

To perform the steps described in this document, you need to have this equipment:

● Physical access to the ASA
● A Windows PC with terminal-emulation software, such as HyperTerminal
● A straight-through Ethernet cable. For more information about cables, refer to Cable Descriptions.
● A console cable or a rolled cable with an adapter. For more information about cables, refer to Cable Descriptions.
● TFTP Server software. For more information about TFTP software, refer to Set Up a TFTP Server.
● Approximately one hour of network downtime

http://www.cisco.com/public/technotes/smbsa/en/us/remote/5500_image_rcvry.html (1 of 12)6/27/2008 12:33:20 PM


Prepare to Recover the Image

Follow these steps to prepare your network to recover the image on the ASA 5500 Series Security Appliance:

Obtain Software

Before you begin, contact the SMB Technical Assistance Center (SMB TAC) to obtain these images:

● A Cisco software image for the ASA 5500 Series Security Appliance
● An image for Adaptive Security Device Manager

Set Up the TFTP Server

Follow these steps to set up the TFTP server:

1. Connect a straight-through Ethernet cable from the PC to Ethernet interface 0/0 of the ASA.

Note: The picture displays the ASA 5510 model. Other ASA models look different. Always connect the straight-through Ethernet cable from the PC to the first Ethernet interface of the ASA.

2. Ensure that the ASA software image and the ASDM image are in the TFTP root directory for your TFTP application. For more information about TFTP software, refer to Set Up a TFTP Server.

3. Change your PC IP address to 192.168.1.2. For more information about how to change your IP address, refer to Configure an IP Address on Your PC.

4. Leave the TFTP Server software open so that the ASA can download the images from your PC.

Open a Terminal Connection

You need console access to your security appliance in order to reset the password. Follow these steps to set up console access to the security appliance:

1. Connect the RJ-45 connector of the console cable into the console port on the rear panel of the security appliance. Connect the DB-9 connector to the PC serial port. On your PC choose Start > Programs > Accessories > Communications > HyperTerminal to open HyperTerminal. For additional information on how to connect a terminal to the console port, refer to Create a HyperTerminal Connection.

2. Create a connection with these terminal settings.

Bits per second (baud): 9600

Data bits: 8

Parity: None

Stop bits: 1

Flow Control: None


Recover the Image

Follow these steps to recover the image on the ASA security appliance:

1. If the ASA is missing its software image, it reboots continuously. If you need to break a continuous reboot cycle, watch the startup messages that the ASA displays during boot. When the ASA displays Use BREAK or ESC to interrupt boot, press Escape.

Note: If your ASA does not continuously reboot, proceed to the next step.

Booting system, please wait

CISCO SYSTEMS
Embedded BIOS Version 1.0(10)0 03/25/05 22:42:05.25

Low Memory: 631 KB
High Memory: 256 MB
PCI Device Table.
Bus  Dev  Func  VendID  DevID  Class               Irq
00   00   00    8086    2578   Host Bridge
00   01   00    8086    2579   PCI-to-PCI Bridge
00   03   00    8086    257B   PCI-to-PCI Bridge
00   1C   00    8086    25AE   PCI-to-PCI Bridge
00   1D   00    8086    25A9   Serial Bus          11
00   1D   01    8086    25AA   Serial Bus          10
00   1D   04    8086    25AB   System
00   1D   05    8086    25AC   IRQ Controller
00   1D   07    8086    25AD   Serial Bus          9
00   1E   00    8086    244E   PCI-to-PCI Bridge
00   1F   00    8086    25A1   ISA Bridge
00   1F   02    8086    25A3   IDE Controller      11
00   1F   03    8086    25A4   Serial Bus          5
00   1F   05    8086    25A6   Audio               5
02   01   00    8086    1075   Ethernet            11
03   01   00    177D    0003   Encrypt/Decrypt     9
03   02   00    8086    1079   Ethernet            9
03   02   01    8086    1079   Ethernet            9
03   03   00    8086    1079   Ethernet            9
03   03   01    8086    1079   Ethernet            9
04   02   00    8086    1209   Ethernet            11
04   03   00    8086    1209   Ethernet            5

Evaluating BIOS Options
Invalid Key: 001B
Launch BIOS Extension to setup ROMMON

Cisco Systems ROMMON Version (1.0(10)0) #0: Fri Mar 25 23:02:10 PST 2005

Platform ASA5510

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot interrupted.

Use ? for help.
rommon #0>

Note: If you are unable to break the boot process and the ASA reboots, repeat this step.

2. Type ADDRESS=192.168.1.1 and press Enter.

rommon #0>ADDRESS=192.168.1.1

3. Type IMAGE=filename.bin and press Enter.

rommon #1>IMAGE=asa704-k8.bin

4. Type PORT=Ethernet0/0 and press Enter.

rommon #2>PORT=Ethernet0/0

Ethernet0/0
Link is UP
MAC Address: 0013.c480.7a1e

5. Type SERVER=192.168.1.2 and press Enter.

rommon #3>SERVER=192.168.1.2

6. Type unset GATEWAY and press Enter.

rommon #3>unset GATEWAY

7. Type tftpdnld and press Enter.

rommon #4>tftpdnld

ROMMON Variable Settings:

ADDRESS=192.168.1.1

SERVER=192.168.1.2

GATEWAY=0.0.0.0

PORT=Ethernet0/0

VLAN=untagged

IMAGE=asa704-k8.bin

CONFIG=

LINKTIMEOUT=20

PKTTIMEOUT=4

RETRY=20

tftp asa704-k8.bin@192.168.1.2 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Received 5437440 bytes

Launching TFTP Image

8. The ASA boots with the new image file.

Cisco PIX Security Appliance admin loader (3.0) #0: Thu Oct 13 21:07:02 PDT 2005

################################################################################

################################################################################

9. After the ASA boots, it displays the command prompt. Type enable and press Enter. Press Enter at the password prompt.


cisco>enable

Password:

cisco#

Note: If you do not see the prompt after the ASA boots, press Enter to clear the output.

10. Type format disk0: and press Enter. Press Enter at each of the three confirm messages that appear.

cisco#format disk0:

WARNING: Saving activation key file failed. Proceed with operation? [confirm]

Format operation may take a while. Continue? [confirm]

Format operation will destroy all data in "disk0:". Continue? [confirm]

Format: Drive communication & 1st Sector Write OK

Format: All system sectors written. OK

Format: Total sectors in formatted partition: 123104

Format Total bytes in formatted partition: 6302948

Format: Operation completed successfully.

Format of disk0 complete

cisco#

11. Type configure terminal and press Enter.

cisco#configure terminal

cisco(config)#

12. Type interface ethernet0/0 and press Enter.

cisco(config)#interface ethernet0/0

cisco(config-if)#

13. Type ip address 192.168.1.1 255.255.255.0 and press Enter.

cisco(config-if)# ip address 192.168.1.1 255.255.255.0

14. Type nameif inside and press Enter.

cisco(config-if)#nameif inside

INFO: Security level for "inside" set to 100 by default.

15. Type no shut and press Enter.


cisco(config-if)# no shut

16. Type exit and press Enter.

cisco(config-if)#exit

cisco(config)#

17. Type route inside 0.0.0.0 0.0.0.0 192.168.1.2 and press Enter.

cisco(config)#route inside 0.0.0.0 0.0.0.0 192.168.1.2

18. Type end and press Enter.

cisco(config)#end

cisco#

19. Type write memory and press Enter.

cisco#write memory

Building configuration

Cryptochecksum: 332fb353 d7c0f574 9315ed84 3dc1192e

1213 bytes copied in 3.540 secs (404 bytes/sec) [OK]

20. Type copy tftp://192.168.1.2/asa704-k8.bin flash: and press Enter.

cisco#copy tftp://192.168.1.2/asa704-k8.bin flash:

Address or name of remote host [192.168.1.2]?

Source filename [asa704-k8.bin]?

Destination filename [asa704-k8.bin]?

Accessing tftp://192.168.1.2/asa704-k8.bin

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!! Writing file disk0:/asa704-k8.bin !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 5437440 bytes copied in 251.880 secs (21663 bytes/sec)

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


cisco#

21. Type copy tftp://192.168.1.2/asdm504.bin flash: and press Enter.

cisco# copy tftp://192.168.1.2/asdm504.bin flash:

Address or name of remote host [192.168.1.2]?

Source filename [asdm504.bin]?

Destination filename [asdm504.bin]?

Accessing tftp://192.168.1.2/asdm504.bin

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Writing file disk0:/asdm504.bin !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 5958324 bytes copied in 336.670 secs (17733 bytes/sec) cisco#

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

22. Type configure terminal and press Enter.

cisco#configure terminal

cisco(config)#

23. Type no route inside 0.0.0.0 0.0.0.0 192.168.1.2 and press Enter.

cisco(config)#no route inside 0.0.0.0 0.0.0.0 192.168.1.2

24. Type end and press Enter.

cisco(config)#end

cisco#

25. Type asdm image flash:asdm504.bin and press Enter.

cisco(config)#asdm image flash:asdm504.bin

26. Type http server enable and press Enter.

cisco(config)#http server enable


27. Type http 192.168.1.0 255.255.255.0 inside and press Enter.

cisco(config)#http 192.168.1.0 255.255.255.0 inside

28. Close your TFTP server software.

29. Close the terminal connection and disconnect the console cable from the ASA.
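
An added example, not part of the original Cisco document: TFTP gives the ASA no way to authenticate the server or check the image it receives, so one check is to audit a saved console capture against the files you staged. The Python below parses the ROMMON variable dump and the byte counts reported in steps 7, 20 and 21; the function names, the STAGED table and the trimmed capture are assumptions constructed for illustration, using values from the output shown above.

```python
import ipaddress
import re

# Constructed capture, trimmed from the console output shown in this document.
SAMPLE_CAPTURE = """\
ROMMON Variable Settings:
  ADDRESS=192.168.1.1
  SERVER=192.168.1.2
  GATEWAY=0.0.0.0
tftp asa704-k8.bin@192.168.1.2 !!!!!!!!
Received 5437440 bytes
cisco#copy tftp://192.168.1.2/asa704-k8.bin flash:
5437440 bytes copied in 251.880 secs (21663 bytes/sec)
cisco# copy tftp://192.168.1.2/asdm504.bin flash:
5958324 bytes copied in 336.670 secs (17733 bytes/sec)
"""
# Assumed sizes of the staged files (on the PC: os.path.getsize in the TFTP root).
STAGED = {"asa704-k8.bin": 5437440, "asdm504.bin": 5958324}

VAR_RE = re.compile(r"^\s*(ADDRESS|SERVER|GATEWAY)=(\S*)", re.M)
NAME_RE = re.compile(r"tftp://[\d.]+/(\S+)|tftp (\S+)@[\d.]+")
SIZE_RE = re.compile(r"Received (\d+) bytes|(\d+) bytes copied")

def parse_capture(text):
    """Return (ROMMON variables, [(filename, bytes the ASA reported), ...])."""
    rommon, transfers, current = dict(VAR_RE.findall(text)), [], None
    for line in text.splitlines():
        name, size = NAME_RE.search(line), SIZE_RE.search(line)
        if name:
            current = name.group(1) or name.group(2)
        if size and current:
            transfers.append((current, int(size.group(1) or size.group(2))))
    return rommon, transfers

def audit(text, staged, pc_ip="192.168.1.2", prefix=24):
    """Return a list of findings; an empty list means the capture matches the plan."""
    rommon, transfers = parse_capture(text)
    findings, net = [], ipaddress.ip_network(f"{pc_ip}/{prefix}", strict=False)
    if rommon.get("SERVER") != pc_ip:
        findings.append(f"SERVER={rommon.get('SERVER')} is not the TFTP PC {pc_ip}")
    try:
        if ipaddress.ip_address(rommon.get("ADDRESS", "")) not in net:
            findings.append(f"ADDRESS={rommon['ADDRESS']} is outside {net}")
    except ValueError:
        findings.append("ADDRESS is missing or malformed")
    if rommon.get("GATEWAY") not in (None, "", "0.0.0.0"):
        findings.append(f"GATEWAY={rommon['GATEWAY']} is set; the procedure unsets it")
    findings += [f"{n}: ASA reported {s} bytes, staged file is {staged.get(n)}"
                 for n, s in transfers if staged.get(n) != s]
    return findings
```

A matching byte count only shows that the transfer was complete; compare a hash of each staged file with a checksum obtained from the vendor before you place it in the TFTP root.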


Next Step

You have completed image recovery for your Cisco ASA 5500 series security appliance. To reconfigure the ASA, proceed to Configure Your ASA 5505 Security Appliance or Configure Your ASA 5510 Security Appliance.


Troubleshoot the Procedure

This section provides information about common problems that you may encounter. If this information does not solve your problem, contact the SMB Technical Assistance Center (SMB TAC) for assistance.

Problem: The ASA boots normally before you interrupt the boot sequence.

Cause(s) and Suggested Solution(s): Repeat the first step in Recover the Image.

Problem: You receive an error message “Interface link did not come up. Timed out. TFTP: Operation terminated” or “Timed Out” after you perform step 6 of the Recover the Image section.

Cause(s) and Suggested Solution(s):

● Ensure that the PC's IP address is configured with 192.168.10.2 with a subnet mask of 255.255.255.0. Refer to Configure an IP Address on Your PC for instructions.
● Ensure that you use the proper cable. You must use a crossover cable, not a straight-through cable, to connect your PC to the ASA first Ethernet port. Refer to Cable Descriptions for more information.
● Ensure that you have launched the TFTP Server program.

Problem: You receive an error message %Error opening tftp://192.168.1.2/asa704-k8.bin (No such device) or %Error opening tftp://192.168.1.2/asdm504.bin (No such device) after performing steps 20 and 21 respectively.

Cause(s) and Suggested Solution(s): Ensure that you have specified the correct file path in step 20 and step 21 of the Recover the Image section.

Problem: You receive an error message TFTP error 1 received (File not found). TFTP: Operation terminated.

Cause(s) and Suggested Solution(s): Ensure that the new software image is stored in your TFTP Root directory.

If you are still unable to complete the procedure successfully, contact the SMB Technical Assistance Center (SMB TAC) for assistance.


Related Information

● Configure Your ASA 5510 Security Appliance

© 1992-2006 Cisco Systems, Inc. All rights reserved. Terms and Conditions, Privacy Statement, Cookie Policy and Trademarks of Cisco Systems, Inc.
