Friday, September 11, 2015

Cisco ASA 9.0 Upgrade Path

I was asked to do a proof of concept (POC) for Cisco Cloud Web Security (CWS) and used a spare ASA 5510 firewall as a CWS connector. In order to run Scansafe commands, the ASA code must be 9.0.4 (minimum) or 9.1.5 above (recommended). I just couldn't upgrade the ASA directly from 8.2 to 9.0 and must follow the upgrade path: 8.2(x) and earlier > 8.4(6) > 9.x or later.

So I've upgrade the Cisco ASA 5510 firewall as well as its ASDM image (for GUI). The ASDM image 7.1(4) is compatible with ASA code 9.0.4. Notice that the upgrade requires a 1 GB RAM but I can still run the said ASA code with a 256 MB RAM since I'm only testing this in a small network environment.


ciscoasa# show version

Cisco Adaptive Security Appliance Software Version 8.2(2)
Device Manager Version 6.1(5)51

Compiled on Mon 11-Jan-10 14:19 by builders
System image file is "disk0:/asa822-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 16 mins 9 secs

Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
 0: Ext: Ethernet0/0         : address is 0021.a049.38dc, irq 9
 1: Ext: Ethernet0/1         : address is 0021.a049.38dd, irq 9
 2: Ext: Ethernet0/2         : address is 0021.a049.38de, irq 9
 3: Ext: Ethernet0/3         : address is 0021.a049.38df, irq 9
 4: Ext: Management0/0       : address is 0021.a049.38e0, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5
             
Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 50       
Inside Hosts                   : Unlimited
Failover                       : Disabled
VPN-DES                        : Enabled  
VPN-3DES-AES                   : Enabled  
Security Contexts              : 0        
GTP/GPRS                       : Disabled 
SSL VPN Peers                  : 2        
Total VPN Peers                : 250      
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled 
AnyConnect for Cisco VPN Phone : Disabled 
AnyConnect Essentials          : Disabled 
Advanced Endpoint Assessment   : Disabled 
UC Phone Proxy Sessions        : 2        
Total UC Proxy Sessions        : 2        
Botnet Traffic Filter          : Disabled 

This platform has a Base license.

Serial Number: JMX1302LABC
Configuration register is 0x1
Configuration has not been modified since last system restart.


ciscoasa(config)# interface eth0/1
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)# ip address 192.168.1.2 255.255.255.0
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# ping 192.168.1.1    // TFTP SERVER/PC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms

ciscoasa(config-if)# copy tftp://192.168.1.1/asa846-k8.bin flash
Address or name of remote host [192.168.1.1]?
Source filename [asa846-k8.bin]?
Destination filename [asa846-k8.bin]?

Accessing tftp://192.168.1/asa846k8.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

<OUTPUT TRUNCATED>

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file disk0:/asa846-k8.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

ciscoasa(config-if)#

ciscoasa(config-if)# show flash: | inc bin

Directory of disk0:/

164    -rwx  14137344    00:06:08 Jan 01 2003  asa804-k8.bin
165    -rwx  7605252     20:10:10 Feb 02 2009  asdm-61551.bin
166    -rwx  7562988     08:47:10 Jan 06 2009  asdm-613.bin
203  590436      Aug 21 2010 21:35:38  crypto_archive/crypto_arch_1.bin
168    -rwx  13879296    17:56:14 Jul 27 2009  asa804-32-k8.bin
175    -rwx  7621596     18:02:14 Jul 27 2009  asdm-61557.bin
176    -rwx  16459776    04:48:38 Feb 05 2010  asa822-k8.bin
177    -rwx  11862220    04:50:10 Feb 05 2010  asdm-625.bin
195    -rwx  24827904    02:48:18 Aug 12 2015  asa846-k8.bin

255844352 bytes total (131547136 bytes free)

ciscoasa(config-if)# boot flash:asa846-k8.bin
INFO: Converting flash:asa846-k8.bin to disk0:/asa846-k8.bin

ciscoasa(config)# write memory
Building configuration...
Cryptochecksum: 12e1858a b157e473 453aeeb0 3ddf3f8d

2659 bytes copied in 3.440 secs (886 bytes/sec)
[OK]

ciscoasa(config)# reload
Proceed with reload? [confirm]

ciscoasa(config)#


***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down File system


***
*** --- SHUTDOWN NOW ---
Process shutdown finished
Rebooting.....
Restarting system.


<OUTPUT TRUNCATED>

Loading disk0:/asa846-k8.bin... Booting...
Platform ASA5510

Loading...
IO memory blocks requested from bigphys 32bit: 13008
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.
/dev/hda1: 180 files, 30347/62462 clusters
dosfsck(/dev/hda1) returned 0
Processor memory 96468992, Reserved memory: 41943040

Total SSMs found: 0

Total NICs found: 7
mcwa i82557 Ethernet at irq 11  MAC: 0021.a049.38e0
mcwa i82557 Ethernet at irq  5  MAC: 0000.0001.0001
i82547GI rev00 Gigabit Ethernet @ irq11 dev 1 index 05 MAC: 0000.0001.0002
i82546GB rev03 Ethernet @ irq09 dev 2 index 03 MAC: 0021.a049.38df
i82546GB rev03 Ethernet @ irq09 dev 2 index 02 MAC: 0021.a049.38de
i82546GB rev03 Ethernet @ irq09 dev 3 index 01 MAC: 0021.a049.38dd
i82546GB rev03 Ethernet @ irq09 dev 3 index 00 MAC: 0021.a049.38dc
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.06
Verify the activation-key, it might take a while...

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 50             perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 0              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 250            perpetual
Total VPN Peers                   : 250            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

This platform has a Base license.

Cisco Adaptive Security Appliance Software Version 8.4(6)

  ****************************** Warning *******************************
  This product contains cryptographic features and is
  subject to United States and local country laws
  governing, import, export, transfer, and use.
  Delivery of Cisco cryptographic products does not
  imply third-party authority to import, export,
  distribute, or use encryption. Importers, exporters,
  distributors and users are responsible for compliance
  with U.S. and local country laws. By using this
  product you agree to comply with applicable laws and
  regulations. If you are unable to comply with U.S.
  and local laws, return the enclosed items immediately.

  A summary of U.S. laws governing Cisco cryptographic
  products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

  If you require further assistance please contact us by
  sending email to export@cisco.com.
  ******************************* Warning *******************************

Copyright (c) 1996-2013 by Cisco Systems, Inc.

                Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

                Cisco Systems, Inc.
                170 West Tasman Drive
                San Jose, California 95134-1706


*************************************************************************
**                                                                     **
**   *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING ***   **
**                                                                     **
**          ----> Minimum Memory Requirements NOT Met! <----           **
**                                                                     **
**  Installed RAM:  256 MB                                             **
**  Required  RAM: 1024 MB                                             **
**  Upgrade part#: ASA5510-MEM-1GB=                                    **
**                                                                     **
**  This ASA does not meet the minimum memory requirements needed to   **
**  run this image. Please install additional memory (part number      **
**  listed above) or downgrade to ASA version 8.2 or earlier.          **
**  Continuing to run without a memory upgrade is unsupported, and     **
**  critical system features will not function properly.               **
**                                                                     **
*************************************************************************
Reading from flash...
!
REAL IP MIGRATION: WARNING
In this version access-lists used in 'access-group', 'class-map',
'dynamic-filter classify-list', 'aaa match' will be migrated from
using IP address/ports as seen on interface, to their real values.
If an access-list used by these features is shared with per-user ACL
then the original access-list has to be recreated.
INFO: Note that identical IP addresses or overlapping IP ranges on
different interfaces are not detectable by automated Real IP migration.
If your deployment contains such scenarios, please verify your migrated
configuration is appropriate for those overlapping addresses/ranges.
Please also refer to the ASA 8.3 migration guide for a complete
explanation of the automated migration process.

INFO: MIGRATION - Saving the startup configuration to file

INFO: MIGRATION - Startup configuration saved to file 'flash:8_2_2_0_startup_cfg.sav'
*** Output from config line 4, "ASA Version 8.2(2) "
.
Cryptochecksum (unchanged): 12e1858a b157e473 453aeeb0 3ddf3f8d
Real IP migration logs:
    No ACL was changed as part of Real-ip migration

INFO: MIGRATION - Saving the startup errors to file 'flash:upgrade_startup_errors_201508120253.log'
Type help or '?' for a list of available commands.

ciscoasa> show version

*************************************************************************
**                                                                     **
**   *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING ***   **
**                                                                     **
**          ----> Minimum Memory Requirements NOT Met! <----           **
**                                                                     **
**  Installed RAM:  256 MB                                             **
**  Required  RAM: 1024 MB                                             **
**  Upgrade part#: ASA5510-MEM-1GB=                                    **
**                                                                     **
**  This ASA does not meet the minimum memory requirements needed to   **
**  run this image. Please install additional memory (part number      **
**  listed above) or downgrade to ASA version 8.2 or earlier.          **
**  Continuing to run without a memory upgrade is unsupported, and     **
**  critical system features will not function properly.               **
**                                                                     **
*************************************************************************

Cisco Adaptive Security Appliance Software Version 8.4(6)
Device Manager Version 6.1(5)51

Compiled on Fri 26-Apr-13 09:00 by builders
System image file is "disk0:/asa846-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 17 mins 6 secs

Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.06
                             Number of accelerators: 1

 0: Ext: Ethernet0/0         : address is 0021.a049.38dc, irq 9
 1: Ext: Ethernet0/1         : address is 0021.a049.38dd, irq 9
 2: Ext: Ethernet0/2         : address is 0021.a049.38de, irq 9
 3: Ext: Ethernet0/3         : address is 0021.a049.38df, irq 9
 4: Ext: Management0/0       : address is 0021.a049.38e0, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 50             perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 0              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 250            perpetual
Total VPN Peers                   : 250            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

This platform has a Base license.

Serial Number: JMX1302LABC
Configuration register is 0x1
             
Configuration has not been modified since last system restart.

ciscoasa> enable
Password:<ENTER>

ciscoasa# configure terminal
ciscoasa(config)#

***************************** NOTICE *****************************

Help to improve the ASA platform by enabling anonymous reporting,
which allows Cisco to securely receive minimal error and health
information from the device. To learn more about this feature,
please visit: http://www.cisco.com/go/smartcall

Would you like to enable anonymous error reporting to help improve

the product? [Y]es, [N]o, [A]sk later: n

In the future, if you would like to enable this feature,
issue the command "call-home reporting anonymous".

Please remember to save your configuration.


ciscoasa(config)# interface eth01 /1
ciscoasa(config-if)# ip address 192.168.1.2 255.255.255,0 .0
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# copy tftp://192.168.1.1/asa904-k8.bin flash
Address or name of remote host [192.168.1.1]?
Source filename [asa904-k8.bin]?
Destination filename [asa904-k8.bin]?

Accessing tftp://192.168.1.1/asa904k8.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

<OUTPUT TRUNCATED>

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

ciscoasa(config-if)# show flash | i bin
  165  14137344    Jan 01 2003 00:06:08  asa804-k8.bin
  166  7605252     Feb 02 2009 20:10:10  asdm-61551.bin
  203  590436      Aug 21 2010 21:35:38  crypto_archive/crypto_arch_1.bin
  167  7562988     Jan 06 2009 08:47:10  asdm-613.bin
  169  13879296    Jul 27 2009 17:56:14  asa804-32-k8.bin
  176  7621596     Jul 27 2009 18:02:14  asdm-61557.bin
  177  16459776    Feb 05 2010 04:48:38  asa822-k8.bin
  178  11862220    Feb 05 2010 04:50:10  asdm-625.bin
  196  24827904    Aug 12 2015 02:48:18  asa846-k8.bin
  201  27629568    Aug 12 2015 03:12:30  asa904-k8.bin

ciscoasa(config-if)# sh run boot
boot system disk0:/asa846-k8.bin
boot system disk0:/asa904-k8.bin
ciscoasa(config-if)# no boot system disk0:/asa846-k8.bin
ciscoasa(config)# write memory
Building configuration...
Cryptochecksum: 9b45c472 2f66cd0f 15ba3a35 b4262c94

2730 bytes copied in 3.370 secs (910 bytes/sec)
[OK]

ciscoasa# reload
Proceed with reload? [confirm]

ciscoasa#


***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down File system


***
*** --- SHUTDOWN NOW ---
Process shutdown finished
Rebooting.....


Booting system, please wait...

<OUTPUT TRUNCATED>

Loading disk0:/asa904-k8.bin... Booting...
Platform ASA5510

Loading...
IO memory blocks requested from bigphys 32bit: 13264
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.
/dev/hda1: 188 files, 37096/62462 clusters
dosfsck(/dev/hda1) returned 0
Processor memory 92274688, Reserved memory: 41943040

Total SSMs found: 0

Total NICs found: 7
mcwa i82557 Ethernet at irq 11  MAC: 0021.a049.38e0
mcwa i82557 Ethernet at irq  5  MAC: 0000.0001.0001
i82547GI rev00 Gigabit Ethernet @ irq11 dev 1 index 05 MAC: 0000.0001.0002
i82546GB rev03 Ethernet @ irq09 dev 2 index 03 MAC: 0021.a049.38df
i82546GB rev03 Ethernet @ irq09 dev 2 index 02 MAC: 0021.a049.38de
i82546GB rev03 Ethernet @ irq09 dev 3 index 01 MAC: 0021.a049.38dd
i82546GB rev03 Ethernet @ irq09 dev 3 index 00 MAC: 0021.a049.38dc

INFO: Unable to read cluster interface-mode from flash
       Writing default mode "None" to flash
Verify the activation-key, it might take a while...

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 50             perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 0              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 250            perpetual
Total VPN Peers                   : 250            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has a Base license.

Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
                             Boot microcode        : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode     : CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode       : CNlite-MC-IPSECm-MAIN-2.08

Cisco Adaptive Security Appliance Software Version 9.0(4)

  ****************************** Warning *******************************
  This product contains cryptographic features and is
  subject to United States and local country laws
  governing, import, export, transfer, and use.
  Delivery of Cisco cryptographic products does not
  imply third-party authority to import, export,
  distribute, or use encryption. Importers, exporters,
  distributors and users are responsible for compliance
  with U.S. and local country laws. By using this
  product you agree to comply with applicable laws and
  regulations. If you are unable to comply with U.S.
  and local laws, return the enclosed items immediately.

  A summary of U.S. laws governing Cisco cryptographic
  products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

  If you require further assistance please contact us by
  sending email to export@cisco.com.
  ******************************* Warning *******************************

This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/)
Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
All rights reserved.
Copyright (c) 1998-2011 The OpenSSL Project.
All rights reserved.

This product includes software developed at the University of
California, Irvine for use in the DAV Explorer project
(http://www.ics.uci.edu/~webdav/)
Copyright (c) 1999-2005 Regents of the University of California.
All rights reserved.

Busybox, version 1.16.1, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA
Busybox comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

DOSFSTOOLS, version 2.11, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307
675 Mass Ave, Cambridge, MA 02139
DOSFSTOOLS comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

grub, version 0.94, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307
grub comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

libgcc, version 4.3, Copyright (C) 2007 Free Software Foundation, Inc.
libgcc comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

libstdc++, version 4.3, Copyright (C) 2007 Free Software Foundation, Inc.
libstdc++ comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

Linux kernel, version 2.6.29.6, Copyright (C) 1989, 1991 Free Software
Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA
Linux kernel comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

module-init-tools, version 3.10, Copyright (C) 1989, 1991 Free Software
Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
module-init-tools comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

numactl, version 2.0.3, Copyright (C) 2008 SGI.
Author: Andi Kleen, SUSE Labs
Version 2.0.0 by Cliff Wickman, Chritopher Lameter and Lee Schermerhorn
numactl comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

pciutils, version 3.1.4, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA
pciutils comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

readline, version 5.2, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111 USA
readline comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

udev, version 146, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA
udev comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.

Cisco Adapative Security Appliance Software, version 9.0,
Copyright (c) 1996-2013 by Cisco Systems, Inc.
Certain components of Cisco ASA Software, Version 9.0 are licensed under the GNU
Lesser Public License (LGPL) Version 2.1.  The software code licensed under LGPL
Version 2.1 is free software that comes with ABSOLUTELY NO WARRANTY.  You can
redistribute and/or modify such LGPL code under the terms of LGPL Version 2.1
(http://www.gnu.org/licenses/lgpl-2.1.html).  See User Manual for licensing
details.

                Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set f(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

                Cisco Systems, Inc.
                170 West Tasman Drive
                San Jose, California 95134-1706


*************************************************************************
**                                                                     **
**   *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING ***   **
**                                                                     **
**          ----> Minimum Memory Requirements NOT Met! <----           **
**                                                                     **
**  Installed RAM:  256 MB                                             **
**  Required  RAM: 1024 MB                                             **
**  Upgrade part#: ASA5510-MEM-1GB=                                    **
**                                                                     **
**  This ASA does not meet the minimum memory requirements needed to   **
**  run this image. Please install additional memory (part number      **
**  listed above) or downgrade to ASA version 8.2 or earlier.          **
**  Continuing to run without a memory upgrade is unsupported, and     **
**  critical system features will not function properly.               **
**                                                                     **
*************************************************************************
Reading from flash...
!
ssh key-exchange group dh-group1-sha1
    ^
ERROR: % Invalid Hostname
*** Output from config line 63, "ssh key-exchange group d..."
.
Cryptochecksum (unchanged): 9b45c472 2f66cd0f 15ba3a35 b4262c94
Type help or '?' for a list of available commands.

ciscoasa> show version

*************************************************************************
**                                                                     **
**   *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING ***   **
**                                                                     **
**          ----> Minimum Memory Requirements NOT Met! <----           **
**                                                                     **
**  Installed RAM:  256 MB                                             **
**  Required  RAM: 1024 MB                                             **
**  Upgrade part#: ASA5510-MEM-1GB=                                    **
**                                                                     **
**  This ASA does not meet the minimum memory requirements needed to   **
**  run this image. Please install additional memory (part number      **
**  listed above) or downgrade to ASA version 8.2 or earlier.          **
**  Continuing to run without a memory upgrade is unsupported, and     **
**  critical system features will not function properly.               **
**                                                                     **
*************************************************************************

Cisco Adaptive Security Appliance Software Version 9.0(4)
Device Manager Version 6.1(5)51

Compiled on Wed 04-Dec-13 08:33 by builders
System image file is "disk0:/asa904-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 1 min 53 secs

Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz,
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB

Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
                             Boot microcode        : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode     : CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode       : CNlite-MC-IPSECm-MAIN-2.08
                             Number of accelerators: 1

 0: Ext: Ethernet0/0         : address is 0021.a049.38dc, irq 9
 1: Ext: Ethernet0/1         : address is 0021.a049.38dd, irq 9
 2: Ext: Ethernet0/2         : address is 0021.a049.38de, irq 9
 3: Ext: Ethernet0/3         : address is 0021.a049.38df, irq 9
 4: Ext: Management0/0       : address is 0021.a049.38e0, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 50             perpetual

Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 0              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 250            perpetual
Total VPN Peers                   : 250            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has a Base license.

Serial Number: JMX1302LABC
             
Configuration register is 0x1
Configuration has not been modified since last system restart.

ciscoasa# show interface ip brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES unset  administratively down down
Ethernet0/1                192.168.1.2     YES CONFIG up                    up 
Ethernet0/2                unassigned      YES unset  administratively down down
Ethernet0/3                unassigned      YES unset  administratively down down
Management0/0              unassigned      YES unset  administratively down down

ciscoasa# copy tftp://192.168.1.1/asdm-743.bin flash   // COMPATIBLE ASDM
Address or name of remote host [192.168.1.1]?
Source filename [asdm-743.bin]?
Destination filename [asdm-743.bin]?

Accessing tftp://192.168.1.1/asdm-743.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

<OUTPUT TRUNCATED>

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

24810876 bytes copied in 33.580 secs (751844 bytes/sec)

ciscoasa# configure terminal
ciscoasa(config)# asdm image disk0:/asdm-743.bin

ciscoasa# show run sc?

  scansafe 

ciscoasa# show run scansafe
ciscoasa# configure terminal

ciscoasa(config)# sc?

configure mode commands/options:
  scansafe 

ciscoasa(config)# scansafe ?

configure mode commands/options:
  general-options  To configure the Scansafe server and licence related details

ciscoasa(config)# scansafe gen

ciscoasa(config)# scansafe general-options ?

configure mode commands/options:
  <cr>

ciscoasa(config)# scansafe general-options

ciscoasa(cfg-scansafe)# ?

Scansafe general-options configuration commands:
  license      Specify the scansafe server license provided to you.
  no           Negate a command or set its defaults
  publickey    Specify the location of the scansafe public key file
  retry-count  Specify the number of consecutive attempts to be made before
               declaring the server dead
  server       Specify the scansafe server address and port

No comments:

Post a Comment