Saturday, June 1, 2013

Manually Upgrading the ASA Software During a Reload

We usually drop into ROMMON on the ASA for one of two reasons: a password recovery, or an operating system image that has been corrupted or accidentally deleted.

This post covers the second case. The steps below boot an ASA image over TFTP from ROMMON. Keep in mind that tftpdnld only loads the image into RAM and runs it; it does not write it to flash. Once the appliance is up you still have to copy the image to flash and point boot system at it, otherwise the next reload fails the same way.

   Step                                                 ROMMON command

1. Interrupt the boot sequence                          Press Esc or Break while the boot countdown is shown
2. Select the ASA interface that reaches the            rommon> interface <physical-name>
   TFTP server (defaults to Ethernet0/0)
3. Assign an IP address to that interface               rommon> address <ip-address>
4. Assign a default gateway (optional; only needed      rommon> gateway <ip-address>
   when the TFTP server is on another subnet)
5. Identify the TFTP server address                     rommon> server <ip-address>
6. Identify the image filename on the TFTP server       rommon> file <filename>
7. Test connectivity to the TFTP server                 rommon> ping <ip-address>
8. Download the image and boot it                       rommon> tftpdnld
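Before step 5 the image has to be sitting in the TFTP root, and TFTP has no authentication or integrity protection of its own: ROMMON will boot whatever the server hands it. The helper below, an added example that is not part of the original post, checks the image against the digest Cisco publishes on the download page before it copies the file into the TFTP root, and refuses to stage a file that does not match. The TFTP root path (/srv/tftp) and the digest values are assumptions; substitute the real values for the image you are staging.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a Linux TFTP server
# host with md5sum/sha512sum available. Paths and digests are placeholders.

# verify_image FILE EXPECTED_HASH [md5|sha512]
# Computes the digest of FILE and compares it (case-insensitively) with
# EXPECTED_HASH. Returns 0 on match, 1 on mismatch, 2 on usage/IO error.
# Cisco publishes both MD5 and SHA-512; prefer SHA-512 when it is listed,
# since MD5 only guards against accidental corruption, not tampering.
verify_image() {
    vi_file=$1
    vi_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    vi_algo=${3:-sha512}
    [ -r "$vi_file" ] || { echo "cannot read $vi_file" >&2; return 2; }
    case $vi_algo in
        md5)    vi_actual=$(md5sum "$vi_file" | cut -d' ' -f1) ;;
        sha512) vi_actual=$(sha512sum "$vi_file" | cut -d' ' -f1) ;;
        *)      echo "unknown algorithm: $vi_algo" >&2; return 2 ;;
    esac
    if [ "$vi_actual" = "$vi_expected" ]; then
        return 0
    fi
    echo "hash mismatch for $vi_file: expected $vi_expected, got $vi_actual" >&2
    return 1
}

# stage_image FILE EXPECTED_HASH TFTP_ROOT [md5|sha512]
# Copies FILE into TFTP_ROOT only after verify_image succeeds, then makes
# the copy world-readable (tftpd normally runs unprivileged) and read-only
# so a later write request cannot replace it. Returns verify_image's
# status on failure, so nothing is exposed over TFTP on a bad digest.
stage_image() {
    si_file=$1
    si_expected=$2
    si_root=$3
    si_algo=${4:-sha512}
    verify_image "$si_file" "$si_expected" "$si_algo" || return $?
    mkdir -p "$si_root" || return 2
    cp "$si_file" "$si_root/" || return 2
    chmod 0444 "$si_root/$(basename "$si_file")"
}

# Example invocation (hypothetical digest; use the one from cisco.com):
# stage_image ./asa901-k8.bin <published-sha512> /srv/tftp sha512
```

Because tftpdnld runs the image from RAM, finish the job from the ASA CLI once the box is up: copy tftp: disk0: to put the image on flash, verify /md5 disk0:/asa901-k8.bin against the published MD5 (the appliance has no SHA-512 check in this release), then boot system disk0:/asa901-k8.bin, write memory, and reload to confirm it comes up on its own.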


Evaluating BIOS Options ...
Launch BIOS Extension to setup ROMMON

Cisco Systems ROMMON Version (1.0(12)13) #0: Thu Aug 28 15:55:27 PDT 2008

Platform ASA5505

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot in 8 seconds    //  HIT ESC KEY

Boot interrupted.

Ethernet0/0   //  CONNECTED TO THE TFTP SERVER
MAC Address: c84c.7596.e7c6
Link is UP

Use ? for help.
rommon #0> ?

   Variables:     Use "sync" to store in NVRAM
ADDRESS=     <addr>  local IP address
CONFIG=      <name>  config file path/name
GATEWAY=     <addr>  gateway IP address
IMAGE=       <name>  image file path/name
LINKTIMEOUT= <num>   Link UP timeout (seconds)
PKTTIMEOUT=  <num>   packet timeout (seconds)
PORT=        <name>  ethernet interface port
RETRY=       <num>   Packet Retry Count (Ping/TFTP)
SERVER=      <addr>  server IP address
VLAN=        <num>   enable/disable DOT1Q tagging on the selected port

   Commands:
?                 valid command list
address   <addr>  local IP address
boot      <args>  boot an image, valid args are:
     - "image file spec" and/or
     - "cfg=<config file spec>"
clear             clear interface statistics
confreg   <value> set hex configuration register
dev               display platform interface devices
erase     <arg>   erase storage media
file      <name>  application image file path/name
gateway   <addr>  gateway IP address
gdb       <cmd>   edit image gdb settings
help              valid command list
history           display command history
interface <name>  ethernet interface port
no        <feat>  clear feature settings
ping      <addr>  send ICMP echo
reboot            halt and reboot system
reload            halt and reboot system
repeat    <arg>   repeat previous command, valid arguments:
     - no arg: repeat last command
     - number: index into command history table
     - string: most recent 1st arg match in command history table
reset             halt and reboot system
server    <addr>  server IP address
set               display all variable settings
show      <cmd>   display cmd-specific information
sync              save variable settings in NVRAM
tftpdnld          TFTP download
timeout   <num>   packet timeout (seconds)
trace             toggle packet tracing
unset   <varname> unset a variable name

rommon #1> address 192.168.1.1
rommon #2> server 192.168.1.2
rommon #3> file asa901-k8.bin
rommon #4> ping 192.168.1.2
Sending 20, 100-byte ICMP Echoes to 192.168.1.2, timeout is 4 seconds:
?!!!!!!!!!!!!!!!!!!!
Success rate is 95 percent (19/20)
rommon #5> tftpdnld
ROMMON Variable Settings:
  ADDRESS=192.168.1.1
  SERVER=192.168.1.2
  GATEWAY=0.0.0.0
  PORT=Ethernet0/0
  VLAN=untagged
  IMAGE=asa901-k8.bin
  CONFIG=
  LINKTIMEOUT=20
  PKTTIMEOUT=4
  RETRY=20

tftp asa901-k8.bin@192.168.1.2
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<output truncated>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Received 27260928 bytes

Launching TFTP Image...

Cisco Security Appliance admin loader (3.0) #0: Fri Oct 26 16:36:37 PDT 2012
Platform ASA5505

Loading...
IO memory blocks requested from bigphys 32bit: 9928
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.
/dev/hda1: 392 files, 26848/31033 clusters
dosfsck(/dev/hda1) returned 0
Processor memory 343932928, Reserved memory: 62914560

Total SSMs found: 0

Total NICs found: 10
88E6095 rev 2 Gigabit Ethernet @ index 09 MAC: 0000.0003.0002
88E6095 rev 2 Ethernet @ index 08 MAC: c84c.7596.e7c5
88E6095 rev 2 Ethernet @ index 07 MAC: c84c.7596.e7c4
88E6095 rev 2 Ethernet @ index 06 MAC: c84c.7596.e7c3
88E6095 rev 2 Ethernet @ index 05 MAC: c84c.7596.e7c2
88E6095 rev 2 Ethernet @ index 04 MAC: c84c.7596.e7c1
88E6095 rev 2 Ethernet @ index 03 MAC: c84c.7596.e7c0
88E6095 rev 2 Ethernet @ index 02 MAC: c84c.7596.e7bf
88E6095 rev 2 Ethernet @ index 01 MAC: c84c.7596.e7be
y88acs06 rev16 Gigabit Ethernet @ index 00 MAC: c84c.7596.e7c6
Verify the activation-key, it might take a while...
Running Permanent Activation Key: 0x3021cd54 0x20efac90 0xc852410c 0xb95cd094 0xc108009a

Licensed features for this platform:
Maximum Physical Interfaces       : 8              perpetual
VLANs                             : 3              DMZ Restricted
Dual ISPs                         : Disabled       perpetual
VLAN Trunk Ports                  : 0              perpetual
Inside Hosts                      : 10             perpetual
Failover                          : Disabled       perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 10             perpetual
Total VPN Peers                   : 12             perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has a Base license.

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode        : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode     : CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode       : CNlite-MC-IPSECm-MAIN-2.08

Cisco Adaptive Security Appliance Software Version 9.0(1)

  ****************************** Warning *******************************
  This product contains cryptographic features and is
  subject to United States and local country laws
  governing, import, export, transfer, and use.
  Delivery of Cisco cryptographic products does not
  imply third-party authority to import, export,
  distribute, or use encryption. Importers, exporters,
  distributors and users are responsible for compliance
  with U.S. and local country laws. By using this
  product you agree to comply with applicable laws and
  regulations. If you are unable to comply with U.S.
  and local laws, return the enclosed items immediately.

  A summary of U.S. laws governing Cisco cryptographic
  products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

  If you require further assistance please contact us by
  sending email to export@cisco.com.
  ******************************* Warning *******************************

This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/)
Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
All rights reserved.
Copyright (c) 1998-2011 The OpenSSL Project.
All rights reserved.

This product includes software developed at the University of
California, Irvine for use in the DAV Explorer project
(http://www.ics.uci.edu/~webdav/)
Copyright (c) 1999-2005 Regents of the University of California.
All rights reserved.


                Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

                Cisco Systems, Inc.
                170 West Tasman Drive
                San Jose, California 95134-1706

Reading from flash...
!.
Cryptochecksum (unchanged): 2013e7a5 6a354989 98725b71 858eed96
Type help or '?' for a list of available commands.
ciscoasa>
