I was preparing a brand new Cisco ASA 5525-X firewall for one of our client. The first thing I always check is the preloaded ASA image on the device. We've had prior ASAs with 8.6 code but now we're getting 9.1. When I checked the 9.1(2) code, there were reviews (which is great by the way) on
Cisco's download site saying there were bugs found on this code, so I
proceeded to download a more stable code which is the 9.1(6).
Instead of configuring a /30 IP address on the ASA and my PC and doing the usual TFTP (or FTP) transfer, I conveniently took out my USB flash drive, copied the new image and inserted it on the ASA's USB slot. There are 2 USB slots below the MGMT port and right beside the CONSOLE port. I used the copy command and pointed to the new ASA code using the boot command. I finally reloaded the ASA for the new code to take effect.
ciscoasa# show version
Cisco Adaptive Security Appliance Software Version 9.1(2)
Device Manager Version 7.1(3)
ciscoasa# dir ?
/all List all files
/recursive List files recursively
all-filesystems List files on all filesystems
disk0: Directory or file name // a.k.a FLASH
flash: Directory or file name
system: Directory or file name
<cr>
ciscoasa# dir ?
/all List all files
/recursive List files recursively
all-filesystems List files on all filesystems
disk0: Directory or file name
disk1: Directory or file name // USB SLOT 1
flash: Directory or file name
system: Directory or file name
<cr>
ciscoasa# dir disk1:
Directory of disk1:/
142 -rwx 62682268 12:04:58 Mar 29 2012 c2900-universalk9-mz.SPA.150-1.M4.bin
143 -rwx 21890692 13:15:44 May 26 2012 c870-advipservicesk9-mz.124-24.T4.bin
144 -rwx 310347344 12:52:10 Feb 04 2015 cat3k_caa-universalk9.SPA.03.07.00.E.152-3.E.bin
145 -rwx 38172672 10:01:48 May 21 2015 asa916-4-smp-k8.bin
2013200384 bytes total (1192165376 bytes free)
ciscoasa# copy ?
/noconfirm Do not prompt for confirmation
/pcap Raw packet capture dump
capture: Copyout capture buffer
cluster_trace: Copy from cluster_trace: file system
disk0: Copy from disk0: file system
disk1: Copy from disk1: file system
flash: Copy from flash: file system
ftp: Copy from ftp: file system
http: Copy from http: file system
https: Copy from https: file system
running-config Copy from current system configuration
smb: Copy from smb: file system
startup-config Copy from startup configuration
system: Copy from system: file system
tftp: Copy from tftp: file system
ciscoasa# copy disk1:asa916-4-smp-k8.bin ?
cluster: Copy to cluster: file system
disk0: Copy to disk0: file system
disk1: Copy to disk1: file system
flash: Copy to flash: file system
ftp: Copy to ftp: file system
running-config Update (merge with) current system configuration
smb: Copy to smb: file system
startup-config Copy to startup configuration
system: Copy to system: file system
tftp: Copy to tftp: file system
ciscoasa# copy disk1:asa916-4-smp-k8.bin disk0:
Source filename [asa916-4-smp-k8.bin]?
Destination filename [asa916-4-smp-k8.bin]?
Copy in progress...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
<OUTPUT TRUNCATED>
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCC
Writing file disk0:/asa916-4-smp-k8.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<OUTPUT TRUNCATED>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!
38172672 bytes copied in 19.430 secs (2009088 bytes/sec)
ciscoasa# dir flash:
Directory of disk0:/
10 drwx 4096 08:09:48 Apr 14 2015 log
20 drwx 4096 08:10:14 Apr 14 2015 crypto_archive
21 drwx 4096 08:10:24 Apr 14 2015 coredumpinfo
108 -rwx 38191104 08:13:30 Apr 14 2015 asa912-smp-k8.bin
109 -rwx 18097844 08:15:36 Apr 14 2015 asdm-713.bin
149 -rwx 38172672 19:12:25 May 20 2015 asa916-4-smp-k8.bin
110 -rwx 12998641 08:20:18 Apr 14 2015 csd_3.5.2008-k9.pkg
111 drwx 4096 08:20:18 Apr 14 2015 sdesktop
112 -rwx 6487517 08:20:20 Apr 14 2015 anyconnect-macosx-i386-2.5.2014-k9.pkg
113 -rwx 6689498 08:20:22 Apr 14 2015 anyconnect-linux-2.5.2014-k9.pkg
114 -rwx 4678691 08:20:24 Apr 14 2015 anyconnect-win-2.5.2014-k9.pkg
8238202880 bytes total (8112111616 bytes free)
ciscoasa# show bootvar
BOOT variable = disk0:/asa912-smp-k8.bin
Current BOOT variable = disk0:/asa912-smp-k8.bin
CONFIG_FILE variable =
Current CONFIG_FILE variable =
ciscoasa# configure terminal
ciscoasa(config)# boot system disk0:/asa916-4-smp-k8.bin
ciscoasa(config)# show bootvar
BOOT variable = disk0:/asa912-smp-k8.bin
Current BOOT variable = disk0:/asa912-smp-k8.bin;disk0:/asa916-4-smp-k8.bin // REMOVE 9.1(2)
CONFIG_FILE variable =
Current CONFIG_FILE variable =
ciscoasa(config)# no boot system disk0:/asa912-smp-k8.bin
ciscoasa(config)# show bootvar
BOOT variable = disk0:/asa912-smp-k8.bin
Current BOOT variable = disk0:/asa916-4-smp-k8.bin
CONFIG_FILE variable =
Current CONFIG_FILE variable =
ciscoasa(config)# write memory
Building configuration...
Cryptochecksum: 1b4d1965 442beae6 63ff0698 b826c1f3
3000 bytes copied in 0.660 secs
[OK]
ciscoasa(config)# reload
Proceed with reload? [confirm]
ciscoasa(config)#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down webvpn
Shutting down sw-module
Shutting down License Controller
Shutting down File system
***
*** --- SHUTDOWN NOW ---
Process shutdown finished
<OUTPUT TRUNCATED>
ciscoasa> show version
Cisco Adaptive Security Appliance Software Version 9.1(6)4
Device Manager Version 7.1(3)
Instead of configuring a /30 IP address on the ASA and my PC and doing the usual TFTP (or FTP) transfer, I conveniently took out my USB flash drive, copied the new image and inserted it on the ASA's USB slot. There are 2 USB slots below the MGMT port and right beside the CONSOLE port. I used the copy command and pointed to the new ASA code using the boot command. I finally reloaded the ASA for the new code to take effect.
ciscoasa# show version
Cisco Adaptive Security Appliance Software Version 9.1(2)
Device Manager Version 7.1(3)
ciscoasa# dir ?
/all List all files
/recursive List files recursively
all-filesystems List files on all filesystems
disk0: Directory or file name // a.k.a FLASH
flash: Directory or file name
system: Directory or file name
<cr>
ciscoasa# dir ?
/all List all files
/recursive List files recursively
all-filesystems List files on all filesystems
disk0: Directory or file name
disk1: Directory or file name // USB SLOT 1
flash: Directory or file name
system: Directory or file name
<cr>
ciscoasa# dir disk1:
Directory of disk1:/
142 -rwx 62682268 12:04:58 Mar 29 2012 c2900-universalk9-mz.SPA.150-1.M4.bin
143 -rwx 21890692 13:15:44 May 26 2012 c870-advipservicesk9-mz.124-24.T4.bin
144 -rwx 310347344 12:52:10 Feb 04 2015 cat3k_caa-universalk9.SPA.03.07.00.E.152-3.E.bin
145 -rwx 38172672 10:01:48 May 21 2015 asa916-4-smp-k8.bin
2013200384 bytes total (1192165376 bytes free)
ciscoasa# copy ?
/noconfirm Do not prompt for confirmation
/pcap Raw packet capture dump
capture: Copyout capture buffer
cluster_trace: Copy from cluster_trace: file system
disk0: Copy from disk0: file system
disk1: Copy from disk1: file system
flash: Copy from flash: file system
ftp: Copy from ftp: file system
http: Copy from http: file system
https: Copy from https: file system
running-config Copy from current system configuration
smb: Copy from smb: file system
startup-config Copy from startup configuration
system: Copy from system: file system
tftp: Copy from tftp: file system
ciscoasa# copy disk1:asa916-4-smp-k8.bin ?
cluster: Copy to cluster: file system
disk0: Copy to disk0: file system
disk1: Copy to disk1: file system
flash: Copy to flash: file system
ftp: Copy to ftp: file system
running-config Update (merge with) current system configuration
smb: Copy to smb: file system
startup-config Copy to startup configuration
system: Copy to system: file system
tftp: Copy to tftp: file system
ciscoasa# copy disk1:asa916-4-smp-k8.bin disk0:
Source filename [asa916-4-smp-k8.bin]?
Destination filename [asa916-4-smp-k8.bin]?
Copy in progress...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
<OUTPUT TRUNCATED>
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCC
Writing file disk0:/asa916-4-smp-k8.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<OUTPUT TRUNCATED>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!
38172672 bytes copied in 19.430 secs (2009088 bytes/sec)
ciscoasa# dir flash:
Directory of disk0:/
10 drwx 4096 08:09:48 Apr 14 2015 log
20 drwx 4096 08:10:14 Apr 14 2015 crypto_archive
21 drwx 4096 08:10:24 Apr 14 2015 coredumpinfo
108 -rwx 38191104 08:13:30 Apr 14 2015 asa912-smp-k8.bin
109 -rwx 18097844 08:15:36 Apr 14 2015 asdm-713.bin
149 -rwx 38172672 19:12:25 May 20 2015 asa916-4-smp-k8.bin
110 -rwx 12998641 08:20:18 Apr 14 2015 csd_3.5.2008-k9.pkg
111 drwx 4096 08:20:18 Apr 14 2015 sdesktop
112 -rwx 6487517 08:20:20 Apr 14 2015 anyconnect-macosx-i386-2.5.2014-k9.pkg
113 -rwx 6689498 08:20:22 Apr 14 2015 anyconnect-linux-2.5.2014-k9.pkg
114 -rwx 4678691 08:20:24 Apr 14 2015 anyconnect-win-2.5.2014-k9.pkg
8238202880 bytes total (8112111616 bytes free)
ciscoasa# show bootvar
BOOT variable = disk0:/asa912-smp-k8.bin
Current BOOT variable = disk0:/asa912-smp-k8.bin
CONFIG_FILE variable =
Current CONFIG_FILE variable =
ciscoasa# configure terminal
ciscoasa(config)# boot system disk0:/asa916-4-smp-k8.bin
ciscoasa(config)# show bootvar
BOOT variable = disk0:/asa912-smp-k8.bin
Current BOOT variable = disk0:/asa912-smp-k8.bin;disk0:/asa916-4-smp-k8.bin // REMOVE 9.1(2)
CONFIG_FILE variable =
Current CONFIG_FILE variable =
ciscoasa(config)# no boot system disk0:/asa912-smp-k8.bin
ciscoasa(config)# show bootvar
BOOT variable = disk0:/asa912-smp-k8.bin
Current BOOT variable = disk0:/asa916-4-smp-k8.bin
CONFIG_FILE variable =
Current CONFIG_FILE variable =
ciscoasa(config)# write memory
Building configuration...
Cryptochecksum: 1b4d1965 442beae6 63ff0698 b826c1f3
3000 bytes copied in 0.660 secs
[OK]
ciscoasa(config)# reload
Proceed with reload? [confirm]
ciscoasa(config)#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down webvpn
Shutting down sw-module
Shutting down License Controller
Shutting down File system
***
*** --- SHUTDOWN NOW ---
Process shutdown finished
<OUTPUT TRUNCATED>
ciscoasa> show version
Cisco Adaptive Security Appliance Software Version 9.1(6)4
Device Manager Version 7.1(3)
No comments:
Post a Comment