I was asked to do a proof of concept (POC) for Cisco Cloud Web Security (CWS) and used a spare ASA 5510 firewall as a CWS connector. In order to run Scansafe commands, the ASA code must be 9.0.4 (minimum) or 9.1.5 above (recommended). I just couldn't upgrade the ASA directly from 8.2 to 9.0 and must follow the upgrade path: 8.2(x) and earlier > 8.4(6) > 9.x or later.
So I've upgrade the Cisco ASA 5510 firewall as well as its ASDM image (for GUI). The ASDM image 7.1(4) is compatible with ASA code 9.0.4. Notice that the upgrade requires a 1 GB RAM but I can still run the said ASA code with a 256 MB RAM since I'm only testing this in a small network environment.
ciscoasa# show version
Cisco Adaptive Security Appliance Software Version 8.2(2)
Device Manager Version 6.1(5)51
Compiled on Mon 11-Jan-10 14:19 by builders
System image file is "disk0:/asa822-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 16 mins 9 secs
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0 : address is 0021.a049.38dc, irq 9
1: Ext: Ethernet0/1 : address is 0021.a049.38dd, irq 9
2: Ext: Ethernet0/2 : address is 0021.a049.38de, irq 9
3: Ext: Ethernet0/3 : address is 0021.a049.38df, irq 9
4: Ext: Management0/0 : address is 0021.a049.38e0, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 50
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 250
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has a Base license.
Serial Number: JMX1302LABC
Configuration register is 0x1
Configuration has not been modified since last system restart.
ciscoasa(config)# interface eth0/1
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)# ip address 192.168.1.2 255.255.255.0
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# ping 192.168.1.1 // TFTP SERVER/PC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms
ciscoasa(config-if)# copy tftp://192.168.1.1/asa846-k8.bin flash
Address or name of remote host [192.168.1.1]?
Source filename [asa846-k8.bin]?
Destination filename [asa846-k8.bin]?
Accessing tftp://192.168.1/asa846k8.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<OUTPUT TRUNCATED>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file disk0:/asa846-k8.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
ciscoasa(config-if)#
ciscoasa(config-if)# show flash: | inc bin
Directory of disk0:/
164 -rwx 14137344 00:06:08 Jan 01 2003 asa804-k8.bin
165 -rwx 7605252 20:10:10 Feb 02 2009 asdm-61551.bin
166 -rwx 7562988 08:47:10 Jan 06 2009 asdm-613.bin
203 590436 Aug 21 2010 21:35:38 crypto_archive/crypto_arch_1.bin
168 -rwx 13879296 17:56:14 Jul 27 2009 asa804-32-k8.bin
175 -rwx 7621596 18:02:14 Jul 27 2009 asdm-61557.bin
176 -rwx 16459776 04:48:38 Feb 05 2010 asa822-k8.bin
177 -rwx 11862220 04:50:10 Feb 05 2010 asdm-625.bin
195 -rwx 24827904 02:48:18 Aug 12 2015 asa846-k8.bin
255844352 bytes total (131547136 bytes free)
ciscoasa(config-if)# boot flash:asa846-k8.bin
INFO: Converting flash:asa846-k8.bin to disk0:/asa846-k8.bin
ciscoasa(config)# write memory
Building configuration...
Cryptochecksum: 12e1858a b157e473 453aeeb0 3ddf3f8d
2659 bytes copied in 3.440 secs (886 bytes/sec)
[OK]
ciscoasa(config)# reload
Proceed with reload? [confirm]
ciscoasa(config)#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down File system
***
*** --- SHUTDOWN NOW ---
Process shutdown finished
Rebooting.....
Restarting system.
<OUTPUT TRUNCATED>
Loading disk0:/asa846-k8.bin... Booting...
Platform ASA5510
Loading...
IO memory blocks requested from bigphys 32bit: 13008
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.
/dev/hda1: 180 files, 30347/62462 clusters
dosfsck(/dev/hda1) returned 0
Processor memory 96468992, Reserved memory: 41943040
Total SSMs found: 0
Total NICs found: 7
mcwa i82557 Ethernet at irq 11 MAC: 0021.a049.38e0
mcwa i82557 Ethernet at irq 5 MAC: 0000.0001.0001
i82547GI rev00 Gigabit Ethernet @ irq11 dev 1 index 05 MAC: 0000.0001.0002
i82546GB rev03 Ethernet @ irq09 dev 2 index 03 MAC: 0021.a049.38df
i82546GB rev03 Ethernet @ irq09 dev 2 index 02 MAC: 0021.a049.38de
i82546GB rev03 Ethernet @ irq09 dev 3 index 01 MAC: 0021.a049.38dd
i82546GB rev03 Ethernet @ irq09 dev 3 index 00 MAC: 0021.a049.38dc
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.06
Verify the activation-key, it might take a while...
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 50 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 0 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has a Base license.
Cisco Adaptive Security Appliance Software Version 8.4(6)
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
Copyright (c) 1996-2013 by Cisco Systems, Inc.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
*************************************************************************
** **
** *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING *** **
** **
** ----> Minimum Memory Requirements NOT Met! <---- **
** **
** Installed RAM: 256 MB **
** Required RAM: 1024 MB **
** Upgrade part#: ASA5510-MEM-1GB= **
** **
** This ASA does not meet the minimum memory requirements needed to **
** run this image. Please install additional memory (part number **
** listed above) or downgrade to ASA version 8.2 or earlier. **
** Continuing to run without a memory upgrade is unsupported, and **
** critical system features will not function properly. **
** **
*************************************************************************
Reading from flash...
!
REAL IP MIGRATION: WARNING
In this version access-lists used in 'access-group', 'class-map',
'dynamic-filter classify-list', 'aaa match' will be migrated from
using IP address/ports as seen on interface, to their real values.
If an access-list used by these features is shared with per-user ACL
then the original access-list has to be recreated.
INFO: Note that identical IP addresses or overlapping IP ranges on
different interfaces are not detectable by automated Real IP migration.
If your deployment contains such scenarios, please verify your migrated
configuration is appropriate for those overlapping addresses/ranges.
Please also refer to the ASA 8.3 migration guide for a complete
explanation of the automated migration process.
INFO: MIGRATION - Saving the startup configuration to file
INFO: MIGRATION - Startup configuration saved to file 'flash:8_2_2_0_startup_cfg.sav'
*** Output from config line 4, "ASA Version 8.2(2) "
.
Cryptochecksum (unchanged): 12e1858a b157e473 453aeeb0 3ddf3f8d
Real IP migration logs:
No ACL was changed as part of Real-ip migration
INFO: MIGRATION - Saving the startup errors to file 'flash:upgrade_startup_errors_201508120253.log'
Type help or '?' for a list of available commands.
ciscoasa> show version
*************************************************************************
** **
** *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING *** **
** **
** ----> Minimum Memory Requirements NOT Met! <---- **
** **
** Installed RAM: 256 MB **
** Required RAM: 1024 MB **
** Upgrade part#: ASA5510-MEM-1GB= **
** **
** This ASA does not meet the minimum memory requirements needed to **
** run this image. Please install additional memory (part number **
** listed above) or downgrade to ASA version 8.2 or earlier. **
** Continuing to run without a memory upgrade is unsupported, and **
** critical system features will not function properly. **
** **
*************************************************************************
Cisco Adaptive Security Appliance Software Version 8.4(6)
Device Manager Version 6.1(5)51
Compiled on Fri 26-Apr-13 09:00 by builders
System image file is "disk0:/asa846-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 17 mins 6 secs
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.06
Number of accelerators: 1
0: Ext: Ethernet0/0 : address is 0021.a049.38dc, irq 9
1: Ext: Ethernet0/1 : address is 0021.a049.38dd, irq 9
2: Ext: Ethernet0/2 : address is 0021.a049.38de, irq 9
3: Ext: Ethernet0/3 : address is 0021.a049.38df, irq 9
4: Ext: Management0/0 : address is 0021.a049.38e0, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 50 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 0 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has a Base license.
Serial Number: JMX1302LABC
Configuration register is 0x1
Configuration has not been modified since last system restart.
ciscoasa> enable
Password:<ENTER>
ciscoasa# configure terminal
ciscoasa(config)#
***************************** NOTICE *****************************
Help to improve the ASA platform by enabling anonymous reporting,
which allows Cisco to securely receive minimal error and health
information from the device. To learn more about this feature,
please visit: http://www.cisco.com/go/smartcall
Would you like to enable anonymous error reporting to help improve
the product? [Y]es, [N]o, [A]sk later: n
In the future, if you would like to enable this feature,
issue the command "call-home reporting anonymous".
Please remember to save your configuration.
ciscoasa(config)# interface eth01 /1
ciscoasa(config-if)# ip address 192.168.1.2 255.255.255,0 .0
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# copy tftp://192.168.1.1/asa904-k8.bin flash
Address or name of remote host [192.168.1.1]?
Source filename [asa904-k8.bin]?
Destination filename [asa904-k8.bin]?
Accessing tftp://192.168.1.1/asa904k8.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<OUTPUT TRUNCATED>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
ciscoasa(config-if)# show flash | i bin
165 14137344 Jan 01 2003 00:06:08 asa804-k8.bin
166 7605252 Feb 02 2009 20:10:10 asdm-61551.bin
203 590436 Aug 21 2010 21:35:38 crypto_archive/crypto_arch_1.bin
167 7562988 Jan 06 2009 08:47:10 asdm-613.bin
169 13879296 Jul 27 2009 17:56:14 asa804-32-k8.bin
176 7621596 Jul 27 2009 18:02:14 asdm-61557.bin
177 16459776 Feb 05 2010 04:48:38 asa822-k8.bin
178 11862220 Feb 05 2010 04:50:10 asdm-625.bin
196 24827904 Aug 12 2015 02:48:18 asa846-k8.bin
201 27629568 Aug 12 2015 03:12:30 asa904-k8.bin
ciscoasa(config-if)# sh run boot
boot system disk0:/asa846-k8.bin
boot system disk0:/asa904-k8.bin
ciscoasa(config-if)# no boot system disk0:/asa846-k8.bin
ciscoasa(config)# write memory
Building configuration...
Cryptochecksum: 9b45c472 2f66cd0f 15ba3a35 b4262c94
2730 bytes copied in 3.370 secs (910 bytes/sec)
[OK]
ciscoasa# reload
Proceed with reload? [confirm]
ciscoasa#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down File system
***
*** --- SHUTDOWN NOW ---
Process shutdown finished
Rebooting.....
Booting system, please wait...
<OUTPUT TRUNCATED>
Loading disk0:/asa904-k8.bin... Booting...
Platform ASA5510
Loading...
IO memory blocks requested from bigphys 32bit: 13264
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.
/dev/hda1: 188 files, 37096/62462 clusters
dosfsck(/dev/hda1) returned 0
Processor memory 92274688, Reserved memory: 41943040
Total SSMs found: 0
Total NICs found: 7
mcwa i82557 Ethernet at irq 11 MAC: 0021.a049.38e0
mcwa i82557 Ethernet at irq 5 MAC: 0000.0001.0001
i82547GI rev00 Gigabit Ethernet @ irq11 dev 1 index 05 MAC: 0000.0001.0002
i82546GB rev03 Ethernet @ irq09 dev 2 index 03 MAC: 0021.a049.38df
i82546GB rev03 Ethernet @ irq09 dev 2 index 02 MAC: 0021.a049.38de
i82546GB rev03 Ethernet @ irq09 dev 3 index 01 MAC: 0021.a049.38dd
i82546GB rev03 Ethernet @ irq09 dev 3 index 00 MAC: 0021.a049.38dc
INFO: Unable to read cluster interface-mode from flash
Writing default mode "None" to flash
Verify the activation-key, it might take a while...
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 50 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 0 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual
This platform has a Base license.
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.08
Cisco Adaptive Security Appliance Software Version 9.0(4)
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/)
Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
All rights reserved.
Copyright (c) 1998-2011 The OpenSSL Project.
All rights reserved.
This product includes software developed at the University of
California, Irvine for use in the DAV Explorer project
(http://www.ics.uci.edu/~webdav/)
Copyright (c) 1999-2005 Regents of the University of California.
All rights reserved.
Busybox, version 1.16.1, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Busybox comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
DOSFSTOOLS, version 2.11, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307
675 Mass Ave, Cambridge, MA 02139
DOSFSTOOLS comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
grub, version 0.94, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307
grub comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
libgcc, version 4.3, Copyright (C) 2007 Free Software Foundation, Inc.
libgcc comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
libstdc++, version 4.3, Copyright (C) 2007 Free Software Foundation, Inc.
libstdc++ comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
Linux kernel, version 2.6.29.6, Copyright (C) 1989, 1991 Free Software
Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Linux kernel comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
module-init-tools, version 3.10, Copyright (C) 1989, 1991 Free Software
Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
module-init-tools comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
numactl, version 2.0.3, Copyright (C) 2008 SGI.
Author: Andi Kleen, SUSE Labs
Version 2.0.0 by Cliff Wickman, Chritopher Lameter and Lee Schermerhorn
numactl comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
pciutils, version 3.1.4, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
pciutils comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
readline, version 5.2, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111 USA
readline comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
udev, version 146, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
udev comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
Cisco Adapative Security Appliance Software, version 9.0,
Copyright (c) 1996-2013 by Cisco Systems, Inc.
Certain components of Cisco ASA Software, Version 9.0 are licensed under the GNU
Lesser Public License (LGPL) Version 2.1. The software code licensed under LGPL
Version 2.1 is free software that comes with ABSOLUTELY NO WARRANTY. You can
redistribute and/or modify such LGPL code under the terms of LGPL Version 2.1
(http://www.gnu.org/licenses/lgpl-2.1.html). See User Manual for licensing
details.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set f(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
*************************************************************************
** **
** *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING *** **
** **
** ----> Minimum Memory Requirements NOT Met! <---- **
** **
** Installed RAM: 256 MB **
** Required RAM: 1024 MB **
** Upgrade part#: ASA5510-MEM-1GB= **
** **
** This ASA does not meet the minimum memory requirements needed to **
** run this image. Please install additional memory (part number **
** listed above) or downgrade to ASA version 8.2 or earlier. **
** Continuing to run without a memory upgrade is unsupported, and **
** critical system features will not function properly. **
** **
*************************************************************************
Reading from flash...
!
ssh key-exchange group dh-group1-sha1
^
ERROR: % Invalid Hostname
*** Output from config line 63, "ssh key-exchange group d..."
.
Cryptochecksum (unchanged): 9b45c472 2f66cd0f 15ba3a35 b4262c94
Type help or '?' for a list of available commands.
ciscoasa> show version
*************************************************************************
** **
** *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING *** **
** **
** ----> Minimum Memory Requirements NOT Met! <---- **
** **
** Installed RAM: 256 MB **
** Required RAM: 1024 MB **
** Upgrade part#: ASA5510-MEM-1GB= **
** **
** This ASA does not meet the minimum memory requirements needed to **
** run this image. Please install additional memory (part number **
** listed above) or downgrade to ASA version 8.2 or earlier. **
** Continuing to run without a memory upgrade is unsupported, and **
** critical system features will not function properly. **
** **
*************************************************************************
Cisco Adaptive Security Appliance Software Version 9.0(4)
Device Manager Version 6.1(5)51
Compiled on Wed 04-Dec-13 08:33 by builders
System image file is "disk0:/asa904-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 1 min 53 secs
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz,
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.08
Number of accelerators: 1
0: Ext: Ethernet0/0 : address is 0021.a049.38dc, irq 9
1: Ext: Ethernet0/1 : address is 0021.a049.38dd, irq 9
2: Ext: Ethernet0/2 : address is 0021.a049.38de, irq 9
3: Ext: Ethernet0/3 : address is 0021.a049.38df, irq 9
4: Ext: Management0/0 : address is 0021.a049.38e0, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 50 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 0 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual
This platform has a Base license.
Serial Number: JMX1302LABC
Configuration register is 0x1
Configuration has not been modified since last system restart.
ciscoasa# show interface ip brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES unset administratively down down
Ethernet0/1 192.168.1.2 YES CONFIG up up
Ethernet0/2 unassigned YES unset administratively down down
Ethernet0/3 unassigned YES unset administratively down down
Management0/0 unassigned YES unset administratively down down
ciscoasa# copy tftp://192.168.1.1/asdm-743.bin flash // COMPATIBLE ASDM
Address or name of remote host [192.168.1.1]?
Source filename [asdm-743.bin]?
Destination filename [asdm-743.bin]?
Accessing tftp://192.168.1.1/asdm-743.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<OUTPUT TRUNCATED>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
24810876 bytes copied in 33.580 secs (751844 bytes/sec)
ciscoasa# configure terminal
ciscoasa(config)# asdm image disk0:/asdm-743.bin
ciscoasa# show run sc?
scansafe
ciscoasa# show run scansafe
ciscoasa# configure terminal
ciscoasa(config)# sc?
configure mode commands/options:
scansafe
ciscoasa(config)# scansafe ?
configure mode commands/options:
general-options To configure the Scansafe server and licence related details
ciscoasa(config)# scansafe gen
ciscoasa(config)# scansafe general-options ?
configure mode commands/options:
<cr>
ciscoasa(config)# scansafe general-options
ciscoasa(cfg-scansafe)# ?
Scansafe general-options configuration commands:
license Specify the scansafe server license provided to you.
no Negate a command or set its defaults
publickey Specify the location of the scansafe public key file
retry-count Specify the number of consecutive attempts to be made before
declaring the server dead
server Specify the scansafe server address and port
So I've upgrade the Cisco ASA 5510 firewall as well as its ASDM image (for GUI). The ASDM image 7.1(4) is compatible with ASA code 9.0.4. Notice that the upgrade requires a 1 GB RAM but I can still run the said ASA code with a 256 MB RAM since I'm only testing this in a small network environment.
ciscoasa# show version
Cisco Adaptive Security Appliance Software Version 8.2(2)
Device Manager Version 6.1(5)51
Compiled on Mon 11-Jan-10 14:19 by builders
System image file is "disk0:/asa822-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 16 mins 9 secs
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0 : address is 0021.a049.38dc, irq 9
1: Ext: Ethernet0/1 : address is 0021.a049.38dd, irq 9
2: Ext: Ethernet0/2 : address is 0021.a049.38de, irq 9
3: Ext: Ethernet0/3 : address is 0021.a049.38df, irq 9
4: Ext: Management0/0 : address is 0021.a049.38e0, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 50
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 250
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has a Base license.
Serial Number: JMX1302LABC
Configuration register is 0x1
Configuration has not been modified since last system restart.
ciscoasa(config)# interface eth0/1
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)# ip address 192.168.1.2 255.255.255.0
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# ping 192.168.1.1 // TFTP SERVER/PC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms
ciscoasa(config-if)# copy tftp://192.168.1.1/asa846-k8.bin flash
Address or name of remote host [192.168.1.1]?
Source filename [asa846-k8.bin]?
Destination filename [asa846-k8.bin]?
Accessing tftp://192.168.1/asa846k8.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<OUTPUT TRUNCATED>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file disk0:/asa846-k8.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
ciscoasa(config-if)#
ciscoasa(config-if)# show flash: | inc bin
Directory of disk0:/
164 -rwx 14137344 00:06:08 Jan 01 2003 asa804-k8.bin
165 -rwx 7605252 20:10:10 Feb 02 2009 asdm-61551.bin
166 -rwx 7562988 08:47:10 Jan 06 2009 asdm-613.bin
203 590436 Aug 21 2010 21:35:38 crypto_archive/crypto_arch_1.bin
168 -rwx 13879296 17:56:14 Jul 27 2009 asa804-32-k8.bin
175 -rwx 7621596 18:02:14 Jul 27 2009 asdm-61557.bin
176 -rwx 16459776 04:48:38 Feb 05 2010 asa822-k8.bin
177 -rwx 11862220 04:50:10 Feb 05 2010 asdm-625.bin
195 -rwx 24827904 02:48:18 Aug 12 2015 asa846-k8.bin
255844352 bytes total (131547136 bytes free)
ciscoasa(config-if)# boot flash:asa846-k8.bin
INFO: Converting flash:asa846-k8.bin to disk0:/asa846-k8.bin
ciscoasa(config)# write memory
Building configuration...
Cryptochecksum: 12e1858a b157e473 453aeeb0 3ddf3f8d
2659 bytes copied in 3.440 secs (886 bytes/sec)
[OK]
ciscoasa(config)# reload
Proceed with reload? [confirm]
ciscoasa(config)#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down File system
***
*** --- SHUTDOWN NOW ---
Process shutdown finished
Rebooting.....
Restarting system.
<OUTPUT TRUNCATED>
Loading disk0:/asa846-k8.bin... Booting...
Platform ASA5510
Loading...
IO memory blocks requested from bigphys 32bit: 13008
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.
/dev/hda1: 180 files, 30347/62462 clusters
dosfsck(/dev/hda1) returned 0
Processor memory 96468992, Reserved memory: 41943040
Total SSMs found: 0
Total NICs found: 7
mcwa i82557 Ethernet at irq 11 MAC: 0021.a049.38e0
mcwa i82557 Ethernet at irq 5 MAC: 0000.0001.0001
i82547GI rev00 Gigabit Ethernet @ irq11 dev 1 index 05 MAC: 0000.0001.0002
i82546GB rev03 Ethernet @ irq09 dev 2 index 03 MAC: 0021.a049.38df
i82546GB rev03 Ethernet @ irq09 dev 2 index 02 MAC: 0021.a049.38de
i82546GB rev03 Ethernet @ irq09 dev 3 index 01 MAC: 0021.a049.38dd
i82546GB rev03 Ethernet @ irq09 dev 3 index 00 MAC: 0021.a049.38dc
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.06
Verify the activation-key, it might take a while...
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 50 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 0 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has a Base license.
Cisco Adaptive Security Appliance Software Version 8.4(6)
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
Copyright (c) 1996-2013 by Cisco Systems, Inc.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
*************************************************************************
** **
** *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING *** **
** **
** ----> Minimum Memory Requirements NOT Met! <---- **
** **
** Installed RAM: 256 MB **
** Required RAM: 1024 MB **
** Upgrade part#: ASA5510-MEM-1GB= **
** **
** This ASA does not meet the minimum memory requirements needed to **
** run this image. Please install additional memory (part number **
** listed above) or downgrade to ASA version 8.2 or earlier. **
** Continuing to run without a memory upgrade is unsupported, and **
** critical system features will not function properly. **
** **
*************************************************************************
Reading from flash...
!
REAL IP MIGRATION: WARNING
In this version access-lists used in 'access-group', 'class-map',
'dynamic-filter classify-list', 'aaa match' will be migrated from
using IP address/ports as seen on interface, to their real values.
If an access-list used by these features is shared with per-user ACL
then the original access-list has to be recreated.
INFO: Note that identical IP addresses or overlapping IP ranges on
different interfaces are not detectable by automated Real IP migration.
If your deployment contains such scenarios, please verify your migrated
configuration is appropriate for those overlapping addresses/ranges.
Please also refer to the ASA 8.3 migration guide for a complete
explanation of the automated migration process.
INFO: MIGRATION - Saving the startup configuration to file
INFO: MIGRATION - Startup configuration saved to file 'flash:8_2_2_0_startup_cfg.sav'
*** Output from config line 4, "ASA Version 8.2(2) "
.
Cryptochecksum (unchanged): 12e1858a b157e473 453aeeb0 3ddf3f8d
Real IP migration logs:
No ACL was changed as part of Real-ip migration
INFO: MIGRATION - Saving the startup errors to file 'flash:upgrade_startup_errors_201508120253.log'
Type help or '?' for a list of available commands.
ciscoasa> show version
*************************************************************************
** **
** *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING *** **
** **
** ----> Minimum Memory Requirements NOT Met! <---- **
** **
** Installed RAM: 256 MB **
** Required RAM: 1024 MB **
** Upgrade part#: ASA5510-MEM-1GB= **
** **
** This ASA does not meet the minimum memory requirements needed to **
** run this image. Please install additional memory (part number **
** listed above) or downgrade to ASA version 8.2 or earlier. **
** Continuing to run without a memory upgrade is unsupported, and **
** critical system features will not function properly. **
** **
*************************************************************************
Cisco Adaptive Security Appliance Software Version 8.4(6)
Device Manager Version 6.1(5)51
Compiled on Fri 26-Apr-13 09:00 by builders
System image file is "disk0:/asa846-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 17 mins 6 secs
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.06
Number of accelerators: 1
0: Ext: Ethernet0/0 : address is 0021.a049.38dc, irq 9
1: Ext: Ethernet0/1 : address is 0021.a049.38dd, irq 9
2: Ext: Ethernet0/2 : address is 0021.a049.38de, irq 9
3: Ext: Ethernet0/3 : address is 0021.a049.38df, irq 9
4: Ext: Management0/0 : address is 0021.a049.38e0, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 50 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 0 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has a Base license.
Serial Number: JMX1302LABC
Configuration register is 0x1
Configuration has not been modified since last system restart.
ciscoasa> enable
Password:<ENTER>
ciscoasa# configure terminal
ciscoasa(config)#
***************************** NOTICE *****************************
Help to improve the ASA platform by enabling anonymous reporting,
which allows Cisco to securely receive minimal error and health
information from the device. To learn more about this feature,
please visit: http://www.cisco.com/go/smartcall
Would you like to enable anonymous error reporting to help improve
the product? [Y]es, [N]o, [A]sk later: n
In the future, if you would like to enable this feature,
issue the command "call-home reporting anonymous".
Please remember to save your configuration.
ciscoasa(config)# interface eth01 /1
ciscoasa(config-if)# ip address 192.168.1.2 255.255.255,0 .0
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# copy tftp://192.168.1.1/asa904-k8.bin flash
Address or name of remote host [192.168.1.1]?
Source filename [asa904-k8.bin]?
Destination filename [asa904-k8.bin]?
Accessing tftp://192.168.1.1/asa904k8.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<OUTPUT TRUNCATED>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
ciscoasa(config-if)# show flash | i bin
165 14137344 Jan 01 2003 00:06:08 asa804-k8.bin
166 7605252 Feb 02 2009 20:10:10 asdm-61551.bin
203 590436 Aug 21 2010 21:35:38 crypto_archive/crypto_arch_1.bin
167 7562988 Jan 06 2009 08:47:10 asdm-613.bin
169 13879296 Jul 27 2009 17:56:14 asa804-32-k8.bin
176 7621596 Jul 27 2009 18:02:14 asdm-61557.bin
177 16459776 Feb 05 2010 04:48:38 asa822-k8.bin
178 11862220 Feb 05 2010 04:50:10 asdm-625.bin
196 24827904 Aug 12 2015 02:48:18 asa846-k8.bin
201 27629568 Aug 12 2015 03:12:30 asa904-k8.bin
ciscoasa(config-if)# sh run boot
boot system disk0:/asa846-k8.bin
boot system disk0:/asa904-k8.bin
ciscoasa(config-if)# no boot system disk0:/asa846-k8.bin
ciscoasa(config)# write memory
Building configuration...
Cryptochecksum: 9b45c472 2f66cd0f 15ba3a35 b4262c94
2730 bytes copied in 3.370 secs (910 bytes/sec)
[OK]
ciscoasa# reload
Proceed with reload? [confirm]
ciscoasa#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down File system
***
*** --- SHUTDOWN NOW ---
Process shutdown finished
Rebooting.....
Booting system, please wait...
<OUTPUT TRUNCATED>
Loading disk0:/asa904-k8.bin... Booting...
Platform ASA5510
Loading...
IO memory blocks requested from bigphys 32bit: 13264
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.
/dev/hda1: 188 files, 37096/62462 clusters
dosfsck(/dev/hda1) returned 0
Processor memory 92274688, Reserved memory: 41943040
Total SSMs found: 0
Total NICs found: 7
mcwa i82557 Ethernet at irq 11 MAC: 0021.a049.38e0
mcwa i82557 Ethernet at irq 5 MAC: 0000.0001.0001
i82547GI rev00 Gigabit Ethernet @ irq11 dev 1 index 05 MAC: 0000.0001.0002
i82546GB rev03 Ethernet @ irq09 dev 2 index 03 MAC: 0021.a049.38df
i82546GB rev03 Ethernet @ irq09 dev 2 index 02 MAC: 0021.a049.38de
i82546GB rev03 Ethernet @ irq09 dev 3 index 01 MAC: 0021.a049.38dd
i82546GB rev03 Ethernet @ irq09 dev 3 index 00 MAC: 0021.a049.38dc
INFO: Unable to read cluster interface-mode from flash
Writing default mode "None" to flash
Verify the activation-key, it might take a while...
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 50 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 0 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual
This platform has a Base license.
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.08
Cisco Adaptive Security Appliance Software Version 9.0(4)
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/)
Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
All rights reserved.
Copyright (c) 1998-2011 The OpenSSL Project.
All rights reserved.
This product includes software developed at the University of
California, Irvine for use in the DAV Explorer project
(http://www.ics.uci.edu/~webdav/)
Copyright (c) 1999-2005 Regents of the University of California.
All rights reserved.
Busybox, version 1.16.1, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Busybox comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
DOSFSTOOLS, version 2.11, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307
675 Mass Ave, Cambridge, MA 02139
DOSFSTOOLS comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
grub, version 0.94, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307
grub comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
libgcc, version 4.3, Copyright (C) 2007 Free Software Foundation, Inc.
libgcc comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
libstdc++, version 4.3, Copyright (C) 2007 Free Software Foundation, Inc.
libstdc++ comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
Linux kernel, version 2.6.29.6, Copyright (C) 1989, 1991 Free Software
Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Linux kernel comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
module-init-tools, version 3.10, Copyright (C) 1989, 1991 Free Software
Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
module-init-tools comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
numactl, version 2.0.3, Copyright (C) 2008 SGI.
Author: Andi Kleen, SUSE Labs
Version 2.0.0 by Cliff Wickman, Chritopher Lameter and Lee Schermerhorn
numactl comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
pciutils, version 3.1.4, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
pciutils comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
readline, version 5.2, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111 USA
readline comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
udev, version 146, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
udev comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
Cisco Adapative Security Appliance Software, version 9.0,
Copyright (c) 1996-2013 by Cisco Systems, Inc.
Certain components of Cisco ASA Software, Version 9.0 are licensed under the GNU
Lesser Public License (LGPL) Version 2.1. The software code licensed under LGPL
Version 2.1 is free software that comes with ABSOLUTELY NO WARRANTY. You can
redistribute and/or modify such LGPL code under the terms of LGPL Version 2.1
(http://www.gnu.org/licenses/lgpl-2.1.html). See User Manual for licensing
details.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set f(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
*************************************************************************
** **
** *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING *** **
** **
** ----> Minimum Memory Requirements NOT Met! <---- **
** **
** Installed RAM: 256 MB **
** Required RAM: 1024 MB **
** Upgrade part#: ASA5510-MEM-1GB= **
** **
** This ASA does not meet the minimum memory requirements needed to **
** run this image. Please install additional memory (part number **
** listed above) or downgrade to ASA version 8.2 or earlier. **
** Continuing to run without a memory upgrade is unsupported, and **
** critical system features will not function properly. **
** **
*************************************************************************
Reading from flash...
!
ssh key-exchange group dh-group1-sha1
^
ERROR: % Invalid Hostname
*** Output from config line 63, "ssh key-exchange group d..."
.
Cryptochecksum (unchanged): 9b45c472 2f66cd0f 15ba3a35 b4262c94
Type help or '?' for a list of available commands.
ciscoasa> show version
*************************************************************************
** **
** *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING *** **
** **
** ----> Minimum Memory Requirements NOT Met! <---- **
** **
** Installed RAM: 256 MB **
** Required RAM: 1024 MB **
** Upgrade part#: ASA5510-MEM-1GB= **
** **
** This ASA does not meet the minimum memory requirements needed to **
** run this image. Please install additional memory (part number **
** listed above) or downgrade to ASA version 8.2 or earlier. **
** Continuing to run without a memory upgrade is unsupported, and **
** critical system features will not function properly. **
** **
*************************************************************************
Cisco Adaptive Security Appliance Software Version 9.0(4)
Device Manager Version 6.1(5)51
Compiled on Wed 04-Dec-13 08:33 by builders
System image file is "disk0:/asa904-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 1 min 53 secs
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz,
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.08
Number of accelerators: 1
0: Ext: Ethernet0/0 : address is 0021.a049.38dc, irq 9
1: Ext: Ethernet0/1 : address is 0021.a049.38dd, irq 9
2: Ext: Ethernet0/2 : address is 0021.a049.38de, irq 9
3: Ext: Ethernet0/3 : address is 0021.a049.38df, irq 9
4: Ext: Management0/0 : address is 0021.a049.38e0, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 50 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 0 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual
This platform has a Base license.
Serial Number: JMX1302LABC
Configuration register is 0x1
Configuration has not been modified since last system restart.
ciscoasa# show interface ip brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES unset administratively down down
Ethernet0/1 192.168.1.2 YES CONFIG up up
Ethernet0/2 unassigned YES unset administratively down down
Ethernet0/3 unassigned YES unset administratively down down
Management0/0 unassigned YES unset administratively down down
ciscoasa# copy tftp://192.168.1.1/asdm-743.bin flash // COMPATIBLE ASDM
Address or name of remote host [192.168.1.1]?
Source filename [asdm-743.bin]?
Destination filename [asdm-743.bin]?
Accessing tftp://192.168.1.1/asdm-743.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<OUTPUT TRUNCATED>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
24810876 bytes copied in 33.580 secs (751844 bytes/sec)
ciscoasa# configure terminal
ciscoasa(config)# asdm image disk0:/asdm-743.bin
ciscoasa# show run sc?
scansafe
ciscoasa# show run scansafe
ciscoasa# configure terminal
ciscoasa(config)# sc?
configure mode commands/options:
scansafe
ciscoasa(config)# scansafe ?
configure mode commands/options:
general-options To configure the Scansafe server and licence related details
ciscoasa(config)# scansafe gen
ciscoasa(config)# scansafe general-options ?
configure mode commands/options:
<cr>
ciscoasa(config)# scansafe general-options
ciscoasa(cfg-scansafe)# ?
Scansafe general-options configuration commands:
license Specify the scansafe server license provided to you.
no Negate a command or set its defaults
publickey Specify the location of the scansafe public key file
retry-count Specify the number of consecutive attempts to be made before
declaring the server dead
server Specify the scansafe server address and port
No comments:
Post a Comment