Here's a nice Cisco link on performing an FTD reimage back to the classic ASA software. First, reboot the FTD device using the reboot command in order to get into ROMMON mode.
Cisco Fire Linux OS v6.2.3 (build 13)
Cisco ASA5515-X Threat Defense v6.2.3 (build 83)
> reboot
This command will reboot the system. Continue?
Please enter 'YES' or 'NO': yes
Broadcast message from root@FTD-ASA5515X (Tue Oct 15 05:16:08 2019):
The system is going down for reboot NOW!
INIT: SwitchingStopping Cisco ASA5515-X Threat Defense......ok
Shutting down sfifd... [ OK ]
Clearing static routes
Unconfiguring default route [ OK ]
Unconfiguring address on br1 [ OK ]
Unconfiguring IPv6 [ OK ]
Downing interface [ OK ]
Stopping xinetd:
Stopping nscd... [ OK ]
Stopping system log daemon... [ OK ]
Stopping Threat Defense ...
Stopping system message bus: dbus. [ OK ]
Un-mounting disk partitions ...
mdadm: stopped /dev/md0
Stopping OpenBSD Secure Shell server: sshdstopped /usr/sbin/sshd (pid 5033)
Stopping Advanced Configuration and Power Interface daemon: stopped /usr/sbin/acpid (pid 5037)
acpid: exiting
acpid.
Stopping system message bus: dbus.
Deconfiguring network interfaces... ifdown: interface br1 not configured
done.
Sending all processes the TERM signal...
Sending all processes the KILL signal...
Deactivating swap...
Unmounting local filesystems...
Rebooting... Cisco BIOS Version:9B2C108A
Build Date:05/22/2012 11:32:20
CPU Type: Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz, 3059 MHz
Total Memory:8192 MB(DDR3 1333)
System memory:619 KB, Extended Memory:3573 MB
PCI Device Table:
Bus Dev Func VendID DevID Class IRQ
---------------------------------------------------------
00 00 00 8086 0040 Bridge Device
00 06 00 8086 0043 PCI Bridge,IRQ=11
00 16 00 8086 3B64 I/O Port Device,IRQ=11
00 1A 00 8086 3B3C USB Controller,IRQ=11
00 1C 00 8086 3B42 PCI Bridge,IRQ=10
00 1C 04 8086 3B4A PCI Bridge,IRQ=10
00 1C 05 8086 3B4C PCI Bridge,IRQ=11
00 1D 00 8086 3B34 USB Controller,IRQ=7
00 1E 00 8086 244E PCI Bridge
00 1F 00 8086 3B16 Bridge Device
00 1F 02 8086 3B22 SATA DPA,IRQ=5
00 1F 03 8086 3B30 SMBus,IRQ=11
01 00 00 10B5 8618 PCI Bridge,IRQ=11
02 01 00 10B5 8618 PCI Bridge,IRQ=10
02 03 00 10B5 8618 PCI Bridge,IRQ=5
02 05 00 10B5 8618 PCI Bridge,IRQ=10
02 07 00 10B5 8618 PCI Bridge,IRQ=5
02 09 00 10B5 8618 PCI Bridge,IRQ=10
02 0B 00 10B5 8618 PCI Bridge,IRQ=5
02 0D 00 10B5 8618 PCI Bridge,IRQ=10
02 0F 00 10B5 8618 PCI Bridge,IRQ=5
03 00 00 8086 10D3 Ethernet,IRQ=10
04 00 00 8086 10D3 Ethernet,IRQ=5
05 00 00 8086 10D3 Ethernet,IRQ=10
07 00 00 8086 10D3 Ethernet,IRQ=10
08 00 00 8086 10D3 Ethernet,IRQ=5
09 00 00 8086 10D3 Ethernet,IRQ=10
0B 00 00 177D 0010 Cavium Encryption,IRQ=11
0C 00 00 8086 10D3 Ethernet,IRQ=11
0D 00 00 1A03 1150 PCI Bridge,IRQ=10
0E 00 00 1A03 2000 VGA,IRQ=10
FF 00 00 8086 2C61 Bridge Device
FF 00 01 8086 2D01 Bridge Device
FF 02 00 8086 2D10 Bridge Device
FF 02 01 8086 2D11 Bridge Device
FF 02 02 8086 2D12 Bridge Device
FF 02 03 8086 2D13 Bridge Device
Booting from ROMMON
Cisco Systems ROMMON Version (2.1(9)8) #1: Wed Oct 26 17:14:40 PDT 2011
Hit ESC to get into ROMMON mode and erase the FTD image in the flash memory (disk0:).
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot interrupted.
GigabitEthernet0/1
Link is DOWN
MAC Address: b0fa.eb97.72c9
Use ? for help.
rommon #0> erase disk0:
About to erase the selected device, this will erase
all files including configuration, and images.
Continue with erase? y/n [n]: y
Erasing Disk0:
............................................................................
............................................................................
<OUTPUT TRUNCATED>
................Done!
Configure an IP address on interface G0/1 in order to talk to a TFTP server. Use the tftpdnld command to temporarily boot to the classic ASA image.
rommon #1> interface gigabitethernet0/1
GigabitEthernet0/1
Link is UP
MAC Address: b0fa.eb97.72c9
rommon #2> address 192.168.1.2
rommon #3> netmask 255.255.255.0
Invalid or incorrect command. Use 'help' for help.
rommon #3> ?
Variables: Use "sync" to store in NVRAM
ADDRESS= <addr> local IP address
CONFIG= <name> config file path/name
GATEWAY= <addr> gateway IP address
IMAGE= <name> image file path/name
LINKTIMEOUT= <num> Link UP timeout (seconds)
PKTTIMEOUT= <num> packet timeout (seconds)
PORT= <name> ethernet interface port
RETRY= <num> Packet Retry Count (Ping/TFTP)
SERVER= <addr> server IP address
VLAN= <num> enable/disable DOT1Q tagging on the selected port
Commands:
? valid command list
address <addr> local IP address
boot <args> boot an image, valid args are:
- "image file spec" and/or
- "cfg=<config file spec>"
clear clear interface statistics
confreg <value> set hex configuration register
dev display platform interface devices
erase <arg> erase storage media
file <name> application image file path/name
gateway <addr> gateway IP address
gdb <cmd> edit image gdb settings
help valid command list
history display command history
interface <name> ethernet interface port
no <feat> clear feature settings
ping <addr> send ICMP echo
reboot halt and reboot system
reload halt and reboot system
repeat <arg> repeat previous command, valid arguments:
- no arg: repeat last command
- number: index into command history table
- string: most recent 1st arg match in command history table
reset halt and reboot system
server <addr> server IP address
set display all variable settings
show <cmd> display cmd-specific information
sync save variable settings in NVRAM
tftpdnld TFTP download
timeout <num> packet timeout (seconds)
trace toggle packet tracing
unset <varname> unset a variable name
rommon #4> server 192.168.1.1
rommon #5> file asa984-10-smp-k8.bin
rommon #6> set
ROMMON Variable Settings:
ADDRESS=192.168.1.2
SERVER=192.168.1.1
GATEWAY=192.168.1.1
PORT=GigabitEthernet0/1
VLAN=untagged
IMAGE=asa984-10-smp-k8.bin
CONFIG=
LINKTIMEOUT=20
PKTTIMEOUT=4
RETRY=20
rommon #7> sync
Updating NVRAM Parameters...
rommon #8> ping 192.168.1.1
Sending 20, 100-byte ICMP Echoes to 192.168.1.1, timeout is 4 seconds:
?!!!!!!!!!!!!!!!!!!!
Success rate is 95 percent (19/20)
rommon #9> ping 192.168.1.1
Sending 20, 100-byte ICMP Echoes to 192.168.1.1, timeout is 4 seconds:
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (20/20)
rommon #10> tftpdnld
ROMMON Variable Settings:
ADDRESS=192.168.1.2
SERVER=192.168.1.1
GATEWAY=192.168.1.1
PORT=GigabitEthernet0/1
VLAN=untagged
IMAGE=asa984-10-smp-k8.bin
CONFIG=
LINKTIMEOUT=20
PKTTIMEOUT=4
RETRY=20
tftp asa984-10-smp-k8.bin@192.168.1.1 via 192.168.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<OUTPUT TRUNCATED>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Received 111550464 bytes
Launching TFTP Image...
Execute image at 0x14000
Cisco Security Appliance admin loader (3.0) #0: Tue Aug 20 12:46:08 PDT 2019
Platform ASA5515
Loading...
IO memory blocks requested from bigphys 32bit: 41217
INIT: version 2.88 booting
Starting udev
Configuring network interfaces... done.
Populating dev cache
IPMI over LAN not active
Loading...
Application cryptographic hash verified
IO Memory Nodes: 1
IO Memory Per Node: 169869312 bytes
Global Reserve Memory Per Node: 509607936 bytes Nodes=1
LCMB: got 169869312 bytes on numa-id=0, phys=0x1a1800000, virt=0x2aaaab000000
LCMB: HEAP-CACHE POOL got 507510784 bytes on numa-id=0, virt=0x7fccb4e00000
LCMB: HEAP-CACHE POOL got 2097152 bytes on numa-id=0, virt=0x2aaaaac00000
Processor memory: 4266142198
M_MMAP_THRESHOLD 65536, M_MMAP_MAX 65096
POST started...
POST finished, result is 0 (hint: 1 means it failed)
Compiled on Tue 20-Aug-19 12:51 PDT by builders
Total NICs found: 12
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 06 MAC: b0fa.eb97.72cb
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 05 MAC: b0fa.eb97.72ce
i82574L rev00 Gigabit Ethernet @ irq05 dev 0 index 04 MAC: b0fa.eb97.72ca
i82574L rev00 Gigabit Ethernet @ irq05 dev 0 index 03 MAC: b0fa.eb97.72cd
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 02 MAC: b0fa.eb97.72c9
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 01 MAC: b0fa.eb97.72cc
i82574L rev00 Gigabit Ethernet @ irq11 dev 0 index 00 MAC: b0fa.eb97.72c8
ivshmem rev03 Backplane Data Interface @ index 07 MAC: 0000.0001.0002
en_vtun rev00 Backplane Control Interface @ index 08 MAC: 0000.0001.0001
en_vtun rev00 Backplane Int-Mgmt Interface @ index 09 MAC: 0000.0001.0003
en_vtun rev00 Backplane Ext-Mgmt Interface @ index 10 MAC: 0000.0000.0000
en_vtun rev00 Backplane Tap Interface @ index 11 MAC: 0000.0100.0001
WARNING: Attribute already exists in the dictionary.
WARNING: Attribute already exists in the dictionary.
INFO: Unable to read firewall mode from flash
Writing default firewall mode (single) to flash
INFO: Unable to read cluster interface-mode from flash
Writing default mode "None" to flash
Verify the activation-key, it might take a while...
Failed to retrieve permanent activation key.
Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
The Running Activation Key is not valid, using default settings:
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Disabled perpetual // NOTICE THE LICENSE IS DISABLED
Security Contexts : 2 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA 5515 Security Plus license.
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-SB-PLUS-0005
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
The 3DES/AES algorithms require a Encryption-3DES-AES activation key.
The 3DES/AES algorithms require a Encryption-3DES-AES activation key.
Cisco Adaptive Security Appliance Software Version 9.8(4)10
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
Cisco Adaptive Security Appliance Software, version 9.8
Copyright (c) 1996-2019 by Cisco Systems, Inc.
For licenses and notices for open source software used in this product, please visit
http://www.cisco.com/go/asa-opensource
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Insufficient flash space available for this request:
Size info: request:32 free:0 delta:32
Could not initialize system files in flash.
config_fetcher: channel open failed
ERROR: MIGRATION - Could not get the startup configuration.
INFO: Power-On Self-Test in process.
.......................
INFO: Power-On Self-Test complete.
INFO: Starting HW-DRBG health test...
INFO: HW-DRBG health test passed.
INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
Pre-configure Firewall now through interactive prompts [yes]? no
ERROR: Inspect configuration of this type exists, first remove
that configuration and then add the new configuration
User enable_1 logged in to ciscoasa
Logins over the last 1 days: 1.
Failed logins since the last login: 0.
Type help or '?' for a list of available commands.
ciscoasa> CXSC module is no longer supported and was prevented from booting
Consider uninstalling the unsupported CXSC module with the command 'sw-module module cxsc uninstall'
Notice the flash memory doesn't contain any ASA image file. Format the flash memory using the format disk0: command.
ciscoasa> enable
Password:<ENTER>
ciscoasa# dir
Directory of disk0:/
11408 drw- 0 05:53:07 Oct 15 2019 coredumpinfo
11313 drw- 0 05:53:06 Oct 15 2019 crypto_archive
9121 drwx 0 05:52:26 Oct 15 2019 log
0 file(s) total size: 0 bytes
0 bytes total (0 bytes free/-2147483648% free)
ciscoasa# format disk0:
Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in "disk0:". Continue? [confirm]
Initializing partition - done!
Creating FAT32 filesystem
mkdosfs 2.11 (12 Mar 2005)
System tables written to disk
Format of disk0 complete
ciscoasa#
ciscoasa# dir
Directory of disk0:/
No files in directory
0 file(s) total size: 0 bytes
7994437632 bytes total (7994404864 bytes free/99% free)
Configure an IP address and perform FTP (faster compared to TFTP) to transfer the ASA image and ASDM into flash.
ciscoasa# configure terminal
ciscoasa(config)#
***************************** NOTICE *****************************
Help to improve the ASA platform by enabling anonymous reporting,
which allows Cisco to securely receive minimal error and health
information from the device. To learn more about this feature,
please visit: http://www.cisco.com/go/smartcall
Would you like to enable anonymous error reporting to help improve
the product? [Y]es, [N]o, [A]sk later:
ciscoasa(config)# interface g0/1
ciscoasa(config-if)# ip address 192.168.1.2 255.255.255.0
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# end
ciscoasa# ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ciscoasa# copy ftp://ftp:ftp123@192.168.1.1/asa984-10-smp-k8.bin disk0:
Address or name of remote host [192.168.1.1]?
Source username [ftp]?
Source password [ftp123]?
Source filename [asa984-10-smp-k8.bin]?
Destination filename [asa984-10-smp-k8.bin]?
Accessing ftp://ftp:ftp123@192.168.1.1/asa984-10-smp-k8.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<OUTPUT TRUNCATED>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Verifying file disk0:/asa984-10-smp-k8.bin...
Writing file disk0:/asa984-10-smp-k8.bin...
111550464 bytes copied in 20.650 secs (5577523 bytes/sec)
ciscoasa# copy ftp://ftp:ftp123@192.168.1.1/asdm-7122.bin disk0:
Address or name of remote host [192.168.1.1]?
Source username [ftp]?
Source password [ftp123]?
Source filename [asdm-7122.bin]?
Destination filename [asdm-7122.bin]?
Accessing ftp://ftp:ftp123@192.168.1.1/asdm 7122.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<OUTPUT TRUNCATED>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Verifying file disk0:/asdm-7122.bin...
Writing file disk0:/asdm-7122.bin...
33696792 bytes copied in 4.340 secs (8424198 bytes/sec)
ciscoasa# dir
Directory of disk0:/
10 -rwx 111550464 06:02:41 Oct 15 2019 asa984-10-smp-k8.bin
11 -rwx 33696792 06:04:16 Oct 15 2019 asdm-7122.bin
2 file(s) total size: 145247256 bytes
7994437632 bytes total (7849156608 bytes free/98% free)
Configure the boot image and ASDM then reboot the ASA using the reload command.
ciscoasa# configure terminal
ciscoasa(config)# boot system ?
configure mode commands/options:
disk0: Path and filename on disk0:
disk1: Path and filename on disk1:
flash: Path and filename on flash:
tftp: A URL beginning with this prefix.
ciscoasa(config)# boot system disk0:/asa984-10-smp-k8.bin
ciscoasa(config)# asdm image disk0:/asdm-7122.bin
ciscoasa# write memory
Building configuration...
Cryptochecksum: 801d6416 f4b10718 088ffb01 b74c9915
3480 bytes copied in 0.750 secs
[OK]
ciscoasa# reload
Proceed with reload? [confirm]
ciscoasa#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down sw-module
Shutting down License Controller
Shutting down File system
***
*** --- SHUTDOWN NOW ---
Process shutdown finished
Rebooting... (status 0x9)
..
INIT: Sending processes the TERM signal
Deconfiguring network interfaces... done.
Sending all processes the TERM signal...
Sending all processes the KILL signal...
Deactivating swap...
Unmounting local filesystems...
Rebooting...
<OUTPUT TRUNCATED>
ciscoasa# show version
Cisco Adaptive Security Appliance Software Version 9.8(4)10
Firepower Extensible Operating System Version 2.2(2.121)
Device Manager Version 7.12(2)
Compiled on Tue 20-Aug-19 12:51 PDT by builders
System image file is "disk0:/asa984-10-smp-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 1 min 40 secs
Hardware: ASA5515, 8192 MB RAM, CPU Clarkdale 3058 MHz, 1 CPU (4 cores)
ASA: 4096 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-SB-PLUS-0005
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
0: Int: Internal-Data0/0 : address is b0fa.eb97.72c8, irq 11
1: Ext: GigabitEthernet0/0 : address is b0fa.eb97.72cc, irq 10
2: Ext: GigabitEthernet0/1 : address is b0fa.eb97.72c9, irq 10
3: Ext: GigabitEthernet0/2 : address is b0fa.eb97.72cd, irq 5
4: Ext: GigabitEthernet0/3 : address is b0fa.eb97.72ca, irq 5
5: Ext: GigabitEthernet0/4 : address is b0fa.eb97.72ce, irq 10
6: Ext: GigabitEthernet0/5 : address is b0fa.eb97.72cb, irq 10
7: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 0
8: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
9: Int: Internal-Data0/2 : address is 0000.0001.0003, irq 0
10: Ext: Management0/0 : address is b0fa.eb97.72c8, irq 0
11: Int: Internal-Data0/3 : address is 0000.0100.0001, irq 0
The Running Activation Key is not valid, using default settings:
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Disabled perpetual
Security Contexts : 2 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA 5515 Security Plus license.
Serial Number: FCH1704J123
Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
Configuration register is 0x1
Image type : Release
Key version : A
Configuration has not been modified since last system restart.
The 3DES/AES license sometimes gets corrupted or removed during an ASA image upgrade or when converting to FTD. This license is required for the crypto-related commands used to configure IPSec on the ASA, so it's important to always back up the ASA activation key before performing an upgrade.
ciscoasa# activation-key 0x022ceb6a 0x98a0f168 0x0160d178 0xe22c1884 0xc2131234
Validating activation key. This may take a few minutes...
Failed to retrieve permanent activation key.
Both Running and Flash permanent activation key was updated with the requested key.
ciscoasa# show version
Cisco Adaptive Security Appliance Software Version 9.8(4)10
Firepower Extensible Operating System Version 2.2(2.121)
Device Manager Version 7.12(2)
Compiled on Tue 20-Aug-19 12:51 PDT by builders
System image file is "disk0:/asa984-10-smp-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 2 mins 0 secs
Hardware: ASA5515, 8192 MB RAM, CPU Clarkdale 3058 MHz, 1 CPU (4 cores)
ASA: 4096 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-SB-PLUS-0005
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
0: Int: Internal-Data0/0 : address is b0fa.eb97.72c8, irq 11
1: Ext: GigabitEthernet0/0 : address is b0fa.eb97.72cc, irq 10
2: Ext: GigabitEthernet0/1 : address is b0fa.eb97.72c9, irq 10
3: Ext: GigabitEthernet0/2 : address is b0fa.eb97.72cd, irq 5
4: Ext: GigabitEthernet0/3 : address is b0fa.eb97.72ca, irq 5
5: Ext: GigabitEthernet0/4 : address is b0fa.eb97.72ce, irq 10
6: Ext: GigabitEthernet0/5 : address is b0fa.eb97.72cb, irq 10
7: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 0
8: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
9: Int: Internal-Data0/2 : address is 0000.0001.0003, irq 0
10: Ext: Management0/0 : address is b0fa.eb97.72c8, irq 0
11: Int: Internal-Data0/3 : address is 0000.0100.0001, irq 0
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual
This platform has an ASA 5515 Security Plus license.
Serial Number: FCH1704J123
Running Permanent Activation Key: 0x022ceb6a 0x98a0f168 0x0160d178 0xe22c1884 0xc2131234
Configuration register is 0x1
Image type : Release
Key version : A
Configuration has not been modified since last system restart.
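The before/after comparison shown in the two `show version` captures above can be automated. The following is an added example, not part of the original post: it parses saved `show version` text, reports a zeroed activation key and any licensed feature that changed, and builds the `activation-key` command from the backup. The function names are hypothetical and the two sample captures are abridged from the output on this page, with the keyed capture treated as the pre-reimage backup.

```python
import re

# Constructed samples, abridged from the `show version` output on this page.
# BACKUP stands in for a capture saved before the reimage (assumption).
BACKUP = """\
Licensed features for this platform:
Maximum VLANs : 100 perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual
This platform has an ASA 5515 Security Plus license.
Serial Number: FCH1704J123
Running Permanent Activation Key: 0x022ceb6a 0x98a0f168 0x0160d178 0xe22c1884 0xc2131234
"""

AFTER_REIMAGE = """\
The Running Activation Key is not valid, using default settings:
Licensed features for this platform:
Maximum VLANs : 100 perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Disabled perpetual
Security Contexts : 2 perpetual
Cluster : Disabled perpetual
This platform has an ASA 5515 Security Plus license.
Serial Number: FCH1704J123
Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
"""

KEY_RE = re.compile(
    r"^Running Permanent Activation Key:[ \t]*((?:0x[0-9a-fA-F]{8}[ \t]*){5})$", re.M)
SERIAL_RE = re.compile(r"^Serial Number:[ \t]*(\S+)", re.M)
# "<feature name> : <value> <duration>", e.g. "Maximum VLANs : 100 perpetual"
FEATURE_RE = re.compile(r"^(.+?)\s*:\s*(\S+)\s+(\S.*)$")


def parse_show_version(text):
    """Extract serial number, activation key words and the licensed-feature table."""
    key_m = KEY_RE.search(text)
    serial_m = SERIAL_RE.search(text)
    features, in_table = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Licensed features for this platform"):
            in_table = True
            continue
        if in_table:
            m = FEATURE_RE.match(line)
            if not m:            # first non "name : value" line ends the table
                in_table = False
                continue
            features[m.group(1)] = m.group(2)
    return {
        "serial": serial_m.group(1) if serial_m else None,
        "key": tuple(key_m.group(1).split()) if key_m else None,
        "features": features,
    }


def audit(backup, current):
    """Return a list of findings comparing the current device state to the backup."""
    findings = []
    if backup["serial"] != current["serial"]:
        # Activation keys are tied to the chassis serial number.
        findings.append(
            f"serial mismatch: backup {backup['serial']} vs device {current['serial']}")
    if current["key"] is None or all(int(w, 16) == 0 for w in current["key"]):
        findings.append("running activation key is missing or all zeros")
    for name, old in backup["features"].items():
        new = current["features"].get(name, "<absent>")
        if new != old:
            findings.append(f"{name}: {old} -> {new}")
    return findings


def restore_command(backup):
    """Build the ASA command that re-applies the backed-up key."""
    if not backup["key"]:
        raise ValueError("backup capture contains no activation key")
    return "activation-key " + " ".join(backup["key"])


if __name__ == "__main__":
    saved = parse_show_version(BACKUP)
    now = parse_show_version(AFTER_REIMAGE)
    for finding in audit(saved, now):
        print("FINDING:", finding)
    print("RESTORE:", restore_command(saved))
```
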
Cisco Fire Linux OS v6.2.3 (build 13)
Cisco ASA5515-X Threat Defense v6.2.3 (build 83)
> reboot
This command will reboot the system. Continue?
Please enter 'YES' or 'NO': yes
Broadcast message from root@FTD-ASA5515X (Tue Oct 15 05:16:08 2019):
The system is going down for reboot NOW!
INIT: SwitchingStopping Cisco ASA5515-X Threat Defense......ok
Shutting down sfifd... [ OK ]
Clearing static routes
Unconfiguring default route [ OK ]
Unconfiguring address on br1 [ OK ]
Unconfiguring IPv6 [ OK ]
Downing interface [ OK ]
Stopping xinetd:
Stopping nscd... [ OK ]
Stopping system log daemon... [ OK ]
Stopping Threat Defense ...
Stopping system message bus: dbus. [ OK ]
Un-mounting disk partitions ...
mdadm: stopped /dev/md0
Stopping OpenBSD Secure Shell server: sshdstopped /usr/sbin/sshd (pid 5033)
Stopping Advanced Configuration and Power Interface daemon: stopped /usr/sbin/acpid (pid 5037)
acpid: exiting
acpid.
Stopping system message bus: dbus.
Deconfiguring network interfaces... ifdown: interface br1 not configured
done.
Sending all processes the TERM signal...
Sending all processes the KILL signal...
Deactivating swap...
Unmounting local filesystems...
Rebooting... Cisco BIOS Version:9B2C108A
Build Date:05/22/2012 11:32:20
CPU Type: Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz, 3059 MHz
Total Memory:8192 MB(DDR3 1333)
System memory:619 KB, Extended Memory:3573 MB
PCI Device Table:
Bus Dev Func VendID DevID Class IRQ
---------------------------------------------------------
00 00 00 8086 0040 Bridge Device
00 06 00 8086 0043 PCI Bridge,IRQ=11
00 16 00 8086 3B64 I/O Port Device,IRQ=11
00 1A 00 8086 3B3C USB Controller,IRQ=11
00 1C 00 8086 3B42 PCI Bridge,IRQ=10
00 1C 04 8086 3B4A PCI Bridge,IRQ=10
00 1C 05 8086 3B4C PCI Bridge,IRQ=11
00 1D 00 8086 3B34 USB Controller,IRQ=7
00 1E 00 8086 244E PCI Bridge
00 1F 00 8086 3B16 Bridge Device
00 1F 02 8086 3B22 SATA DPA,IRQ=5
00 1F 03 8086 3B30 SMBus,IRQ=11
01 00 00 10B5 8618 PCI Bridge,IRQ=11
02 01 00 10B5 8618 PCI Bridge,IRQ=10
02 03 00 10B5 8618 PCI Bridge,IRQ=5
02 05 00 10B5 8618 PCI Bridge,IRQ=10
02 07 00 10B5 8618 PCI Bridge,IRQ=5
02 09 00 10B5 8618 PCI Bridge,IRQ=10
02 0B 00 10B5 8618 PCI Bridge,IRQ=5
02 0D 00 10B5 8618 PCI Bridge,IRQ=10
02 0F 00 10B5 8618 PCI Bridge,IRQ=5
03 00 00 8086 10D3 Ethernet,IRQ=10
04 00 00 8086 10D3 Ethernet,IRQ=5
05 00 00 8086 10D3 Ethernet,IRQ=10
07 00 00 8086 10D3 Ethernet,IRQ=10
08 00 00 8086 10D3 Ethernet,IRQ=5
09 00 00 8086 10D3 Ethernet,IRQ=10
0B 00 00 177D 0010 Cavium Encryption,IRQ=11
0C 00 00 8086 10D3 Ethernet,IRQ=11
0D 00 00 1A03 1150 PCI Bridge,IRQ=10
0E 00 00 1A03 2000 VGA,IRQ=10
FF 00 00 8086 2C61 Bridge Device
FF 00 01 8086 2D01 Bridge Device
FF 02 00 8086 2D10 Bridge Device
FF 02 01 8086 2D11 Bridge Device
FF 02 02 8086 2D12 Bridge Device
FF 02 03 8086 2D13 Bridge Device
Booting from ROMMON
Cisco Systems ROMMON Version (2.1(9)8) #1: Wed Oct 26 17:14:40 PDT 2011
Hit ESC to get into ROMMON mode and erase the FTD image in the flash memory (disk0:).
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot interrupted.
GigabitEthernet0/1
Link is DOWN
MAC Address: b0fa.eb97.72c9
Use ? for help.
rommon #0> erase disk0:
About to erase the selected device, this will erase
all files including configuration, and images.
Continue with erase? y/n [n]: y
Erasing Disk0:
............................................................................
............................................................................
<OUTPUT TRUNCATED>
................Done!
Configure an IP address on interface G0/1 in order to talk to a TFTP server. Use the tftpdnld command to temporarily boot to the classic ASA image.
rommon #1> interface gigabitethernet0/1
GigabitEthernet0/1
Link is UP
MAC Address: b0fa.eb97.72c9
rommon #2> address 192.168.1.2
rommon #3> netmask 255.255.255.0
Invalid or incorrect command. Use 'help' for help.
rommon #3> ?
Variables: Use "sync" to store in NVRAM
ADDRESS= <addr> local IP address
CONFIG= <name> config file path/name
GATEWAY= <addr> gateway IP address
IMAGE= <name> image file path/name
LINKTIMEOUT= <num> Link UP timeout (seconds)
PKTTIMEOUT= <num> packet timeout (seconds)
PORT= <name> ethernet interface port
RETRY= <num> Packet Retry Count (Ping/TFTP)
SERVER= <addr> server IP address
VLAN= <num> enable/disable DOT1Q tagging on the selected port
Commands:
? valid command list
address <addr> local IP address
boot <args> boot an image, valid args are:
- "image file spec" and/or
- "cfg=<config file spec>"
clear clear interface statistics
confreg <value> set hex configuration register
dev display platform interface devices
erase <arg> erase storage media
file <name> application image file path/name
gateway <addr> gateway IP address
gdb <cmd> edit image gdb settings
help valid command list
history display command history
interface <name> ethernet interface port
no <feat> clear feature settings
ping <addr> send ICMP echo
reboot halt and reboot system
reload halt and reboot system
repeat <arg> repeat previous command, valid arguments:
- no arg: repeat last command
- number: index into command history table
- string: most recent 1st arg match in command history table
reset halt and reboot system
server <addr> server IP address
set display all variable settings
show <cmd> display cmd-specific information
sync save variable settings in NVRAM
tftpdnld TFTP download
timeout <num> packet timeout (seconds)
trace toggle packet tracing
unset <varname> unset a variable name
rommon #4> server 192.168.1.1
rommon #5> file asa984-10-smp-k8.bin
rommon #6> set
ROMMON Variable Settings:
ADDRESS=192.168.1.2
SERVER=192.168.1.1
GATEWAY=192.168.1.1
PORT=GigabitEthernet0/1
VLAN=untagged
IMAGE=asa984-10-smp-k8.bin
CONFIG=
LINKTIMEOUT=20
PKTTIMEOUT=4
RETRY=20
rommon #7> sync
Updating NVRAM Parameters...
rommon #8> ping 192.168.1.1
Sending 20, 100-byte ICMP Echoes to 192.168.1.1, timeout is 4 seconds:
?!!!!!!!!!!!!!!!!!!!
Success rate is 95 percent (19/20)
rommon #9> ping 192.168.1.1
Sending 20, 100-byte ICMP Echoes to 192.168.1.1, timeout is 4 seconds:
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (20/20)
rommon #10> tftpdnld
ROMMON Variable Settings:
ADDRESS=192.168.1.2
SERVER=192.168.1.1
GATEWAY=192.168.1.1
PORT=GigabitEthernet0/1
VLAN=untagged
IMAGE=asa984-10-smp-k8.bin
CONFIG=
LINKTIMEOUT=20
PKTTIMEOUT=4
RETRY=20
tftp asa984-10-smp-k8.bin@192.168.1.1 via 192.168.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<OUTPUT TRUNCATED>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Received 111550464 bytes
Launching TFTP Image...
Execute image at 0x14000
Cisco Security Appliance admin loader (3.0) #0: Tue Aug 20 12:46:08 PDT 2019
Platform ASA5515
Loading...
IO memory blocks requested from bigphys 32bit: 41217
INIT: version 2.88 booting
Starting udev
Configuring network interfaces... done.
Populating dev cache
IPMI over LAN not active
Loading...
Application cryptographic hash verified
IO Memory Nodes: 1
IO Memory Per Node: 169869312 bytes
Global Reserve Memory Per Node: 509607936 bytes Nodes=1
LCMB: got 169869312 bytes on numa-id=0, phys=0x1a1800000, virt=0x2aaaab000000
LCMB: HEAP-CACHE POOL got 507510784 bytes on numa-id=0, virt=0x7fccb4e00000
LCMB: HEAP-CACHE POOL got 2097152 bytes on numa-id=0, virt=0x2aaaaac00000
Processor memory: 4266142198
M_MMAP_THRESHOLD 65536, M_MMAP_MAX 65096
POST started...
POST finished, result is 0 (hint: 1 means it failed)
Compiled on Tue 20-Aug-19 12:51 PDT by builders
Total NICs found: 12
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 06 MAC: b0fa.eb97.72cb
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 05 MAC: b0fa.eb97.72ce
i82574L rev00 Gigabit Ethernet @ irq05 dev 0 index 04 MAC: b0fa.eb97.72ca
i82574L rev00 Gigabit Ethernet @ irq05 dev 0 index 03 MAC: b0fa.eb97.72cd
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 02 MAC: b0fa.eb97.72c9
i82574L rev00 Gigabit Ethernet @ irq10 dev 0 index 01 MAC: b0fa.eb97.72cc
i82574L rev00 Gigabit Ethernet @ irq11 dev 0 index 00 MAC: b0fa.eb97.72c8
ivshmem rev03 Backplane Data Interface @ index 07 MAC: 0000.0001.0002
en_vtun rev00 Backplane Control Interface @ index 08 MAC: 0000.0001.0001
en_vtun rev00 Backplane Int-Mgmt Interface @ index 09 MAC: 0000.0001.0003
en_vtun rev00 Backplane Ext-Mgmt Interface @ index 10 MAC: 0000.0000.0000
en_vtun rev00 Backplane Tap Interface @ index 11 MAC: 0000.0100.0001
WARNING: Attribute already exists in the dictionary.
WARNING: Attribute already exists in the dictionary.
INFO: Unable to read firewall mode from flash
Writing default firewall mode (single) to flash
INFO: Unable to read cluster interface-mode from flash
Writing default mode "None" to flash
Verify the activation-key, it might take a while...
Failed to retrieve permanent activation key.
Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
The Running Activation Key is not valid, using default settings:
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Disabled perpetual // NOTICE THE LICENSE IS DISABLED
Security Contexts : 2 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA 5515 Security Plus license.
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-SB-PLUS-0005
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
The 3DES/AES algorithms require a Encryption-3DES-AES activation key.
The 3DES/AES algorithms require a Encryption-3DES-AES activation key.
Cisco Adaptive Security Appliance Software Version 9.8(4)10
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
Cisco Adaptive Security Appliance Software, version 9.8
Copyright (c) 1996-2019 by Cisco Systems, Inc.
For licenses and notices for open source software used in this product, please visit
http://www.cisco.com/go/asa-opensource
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Insufficient flash space available for this request:
Size info: request:32 free:0 delta:32
Could not initialize system files in flash.
config_fetcher: channel open failed
ERROR: MIGRATION - Could not get the startup configuration.
INFO: Power-On Self-Test in process.
.......................
INFO: Power-On Self-Test complete.
INFO: Starting HW-DRBG health test...
INFO: HW-DRBG health test passed.
INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
Pre-configure Firewall now through interactive prompts [yes]? no
ERROR: Inspect configuration of this type exists, first remove
that configuration and then add the new configuration
User enable_1 logged in to ciscoasa
Logins over the last 1 days: 1.
Failed logins since the last login: 0.
Type help or '?' for a list of available commands.
ciscoasa> CXSC module is no longer supported and was prevented from booting
Consider uninstalling the unsupported CXSC module with the command 'sw-module module cxsc uninstall'
Notice the flash memory doesn't contain any ASA image file. Format the flash memory using the format disk0: command.
ciscoasa> enable
Password:<ENTER>
ciscoasa# dir
Directory of disk0:/
11408 drw- 0 05:53:07 Oct 15 2019 coredumpinfo
11313 drw- 0 05:53:06 Oct 15 2019 crypto_archive
9121 drwx 0 05:52:26 Oct 15 2019 log
0 file(s) total size: 0 bytes
0 bytes total (0 bytes free/-2147483648% free)
ciscoasa# format disk0:
Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in "disk0:". Continue? [confirm]
Initializing partition - done!
Creating FAT32 filesystem
mkdosfs 2.11 (12 Mar 2005)
System tables written to disk
Format of disk0 complete
ciscoasa#
ciscoasa# dir
Directory of disk0:/
No files in directory
0 file(s) total size: 0 bytes
7994437632 bytes total (7994404864 bytes free/99% free)
Configure an IP address on an interface and use FTP (faster than TFTP) to transfer the ASA image and the ASDM image into flash.
ciscoasa# configure terminal
ciscoasa(config)#
***************************** NOTICE *****************************
Help to improve the ASA platform by enabling anonymous reporting,
which allows Cisco to securely receive minimal error and health
information from the device. To learn more about this feature,
please visit: http://www.cisco.com/go/smartcall
Would you like to enable anonymous error reporting to help improve
the product? [Y]es, [N]o, [A]sk later:
ciscoasa(config)# interface g0/1
ciscoasa(config-if)# ip address 192.168.1.2 255.255.255.0
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# end
ciscoasa# ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ciscoasa# copy ftp://ftp:ftp123@192.168.1.1/asa984-10-smp-k8.bin disk0:
Address or name of remote host [192.168.1.1]?
Source username [ftp]?
Source password [ftp123]?
Source filename [asa984-10-smp-k8.bin]?
Destination filename [asa984-10-smp-k8.bin]?
Accessing ftp://ftp:ftp123@192.168.1.1/asa984-10-smp-k8.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<OUTPUT TRUNCATED>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Verifying file disk0:/asa984-10-smp-k8.bin...
Writing file disk0:/asa984-10-smp-k8.bin...
111550464 bytes copied in 20.650 secs (5577523 bytes/sec)
ciscoasa# copy ftp://ftp:ftp123@192.168.1.1/asdm-7122.bin disk0:
Address or name of remote host [192.168.1.1]?
Source username [ftp]?
Source password [ftp123]?
Source filename [asdm-7122.bin]?
Destination filename [asdm-7122.bin]?
Accessing ftp://ftp:ftp123@192.168.1.1/asdm 7122.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<OUTPUT TRUNCATED>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Verifying file disk0:/asdm-7122.bin...
Writing file disk0:/asdm-7122.bin...
33696792 bytes copied in 4.340 secs (8424198 bytes/sec)
ciscoasa# dir
Directory of disk0:/
10 -rwx 111550464 06:02:41 Oct 15 2019 asa984-10-smp-k8.bin
11 -rwx 33696792 06:04:16 Oct 15 2019 asdm-7122.bin
2 file(s) total size: 145247256 bytes
7994437632 bytes total (7849156608 bytes free/98% free)
Configure the boot image and the ASDM image, then reboot the ASA using the reload command.
ciscoasa# configure terminal
ciscoasa(config)# boot system ?
configure mode commands/options:
disk0: Path and filename on disk0:
disk1: Path and filename on disk1:
flash: Path and filename on flash:
tftp: A URL beginning with this prefix.
ciscoasa(config)# boot system disk0:/asa984-10-smp-k8.bin
ciscoasa(config)# asdm image disk0:/asdm-7122.bin
ciscoasa# write memory
Building configuration...
Cryptochecksum: 801d6416 f4b10718 088ffb01 b74c9915
3480 bytes copied in 0.750 secs
[OK]
ciscoasa# reload
Proceed with reload? [confirm]
ciscoasa#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down sw-module
Shutting down License Controller
Shutting down File system
***
*** --- SHUTDOWN NOW ---
Process shutdown finished
Rebooting... (status 0x9)
..
INIT: Sending processes the TERM signal
Deconfiguring network interfaces... done.
Sending all processes the TERM signal...
Sending all processes the KILL signal...
Deactivating swap...
Unmounting local filesystems...
Rebooting...
<OUTPUT TRUNCATED>
ciscoasa# show version
Cisco Adaptive Security Appliance Software Version 9.8(4)10
Firepower Extensible Operating System Version 2.2(2.121)
Device Manager Version 7.12(2)
Compiled on Tue 20-Aug-19 12:51 PDT by builders
System image file is "disk0:/asa984-10-smp-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 1 min 40 secs
Hardware: ASA5515, 8192 MB RAM, CPU Clarkdale 3058 MHz, 1 CPU (4 cores)
ASA: 4096 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-SB-PLUS-0005
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
0: Int: Internal-Data0/0 : address is b0fa.eb97.72c8, irq 11
1: Ext: GigabitEthernet0/0 : address is b0fa.eb97.72cc, irq 10
2: Ext: GigabitEthernet0/1 : address is b0fa.eb97.72c9, irq 10
3: Ext: GigabitEthernet0/2 : address is b0fa.eb97.72cd, irq 5
4: Ext: GigabitEthernet0/3 : address is b0fa.eb97.72ca, irq 5
5: Ext: GigabitEthernet0/4 : address is b0fa.eb97.72ce, irq 10
6: Ext: GigabitEthernet0/5 : address is b0fa.eb97.72cb, irq 10
7: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 0
8: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
9: Int: Internal-Data0/2 : address is 0000.0001.0003, irq 0
10: Ext: Management0/0 : address is b0fa.eb97.72c8, irq 0
11: Int: Internal-Data0/3 : address is 0000.0100.0001, irq 0
The Running Activation Key is not valid, using default settings:
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Disabled perpetual
Security Contexts : 2 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA 5515 Security Plus license.
Serial Number: FCH1704J123
Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
Configuration register is 0x1
Image type : Release
Key version : A
Configuration has not been modified since last system restart.
The 3DES/AES license sometimes gets corrupted or removed during an ASA image upgrade or when converting to FTD. This license is used to support crypto-related commands in order to configure IPSec on the ASA. It's important to always back up the ASA activation key when performing an upgrade.
ciscoasa# activation-key 0x022ceb6a 0x98a0f168 0x0160d178 0xe22c1884 0xc2131234
Validating activation key. This may take a few minutes...
Failed to retrieve permanent activation key.
Both Running and Flash permanent activation key was updated with the requested key.
ciscoasa# show version
Cisco Adaptive Security Appliance Software Version 9.8(4)10
Firepower Extensible Operating System Version 2.2(2.121)
Device Manager Version 7.12(2)
Compiled on Tue 20-Aug-19 12:51 PDT by builders
System image file is "disk0:/asa984-10-smp-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 2 mins 0 secs
Hardware: ASA5515, 8192 MB RAM, CPU Clarkdale 3058 MHz, 1 CPU (4 cores)
ASA: 4096 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-SB-PLUS-0005
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
0: Int: Internal-Data0/0 : address is b0fa.eb97.72c8, irq 11
1: Ext: GigabitEthernet0/0 : address is b0fa.eb97.72cc, irq 10
2: Ext: GigabitEthernet0/1 : address is b0fa.eb97.72c9, irq 10
3: Ext: GigabitEthernet0/2 : address is b0fa.eb97.72cd, irq 5
4: Ext: GigabitEthernet0/3 : address is b0fa.eb97.72ca, irq 5
5: Ext: GigabitEthernet0/4 : address is b0fa.eb97.72ce, irq 10
6: Ext: GigabitEthernet0/5 : address is b0fa.eb97.72cb, irq 10
7: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 0
8: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
9: Int: Internal-Data0/2 : address is 0000.0001.0003, irq 0
10: Ext: Management0/0 : address is b0fa.eb97.72c8, irq 0
11: Int: Internal-Data0/3 : address is 0000.0100.0001, irq 0
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual
This platform has an ASA 5515 Security Plus license.
Serial Number: FCH1704J123
Running Permanent Activation Key: 0x022ceb6a 0x98a0f168 0x0160d178 0xe22c1884 0xc2131234
Configuration register is 0x1
Image type : Release
Key version : A
Configuration has not been modified since last system restart.
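As an added example (not part of the original post and not a Cisco tool), the Python sketch below parses `show version` output saved before and after a reimage, flags an all-zero activation key or a disabled Encryption-3DES-AES feature, and lists which licensed features changed. The two sample excerpts are constructed in the format shown above; the serial number and key values are placeholders.

```python
import re

# Patterns follow the 'show version' lines shown in the console output above.
FEATURE_RE = re.compile(r"^(?P<name>.+?)\s*:\s*(?P<value>\S+)\s+perpetual$")
KEY_RE = re.compile(r"^Running Permanent Activation Key:\s*((?:0x[0-9a-fA-F]{8}\s*){5})$")
SERIAL_RE = re.compile(r"^Serial Number:\s*(\S+)")

def parse_show_version(text):
    """Extract the serial number, activation key words and licensed features."""
    info = {"serial": None, "key": None, "features": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            info["key"] = m.group(1).split()
        elif m := SERIAL_RE.match(line):
            info["serial"] = m.group(1)
        elif m := FEATURE_RE.match(line):
            info["features"][m.group("name")] = m.group("value")
    return info

def audit(info):
    """Return findings that indicate the activation key was lost."""
    findings = []
    if info["key"] is None:
        findings.append("activation key line missing from output")
    elif all(int(word, 16) == 0 for word in info["key"]):
        findings.append("running activation key is all zeros")
    if info["features"].get("Encryption-3DES-AES") != "Enabled":
        findings.append("Encryption-3DES-AES is not enabled")
    return findings

def changed_features(before, after):
    """Map feature name -> (old, new) for every licensed feature that differs."""
    old = before["features"]
    return {n: (old.get(n), v) for n, v in after["features"].items() if old.get(n) != v}

# Constructed sample excerpts (placeholder serial and key, not real values).
BEFORE = """Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Disabled perpetual
Cluster : Disabled perpetual
Serial Number: EXAMPLE0001
Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
"""
AFTER = """Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual
Serial Number: EXAMPLE0001
Running Permanent Activation Key: 0x11111111 0x22222222 0x33333333 0x44444444 0x55555555
"""

if __name__ == "__main__":
    before, after = parse_show_version(BEFORE), parse_show_version(AFTER)
    print(audit(before), audit(after), changed_features(before, after))
```

Saving the `show version` output alongside the parsed key before any upgrade gives a record to restore from if the post-upgrade audit reports findings.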