
Cisco SMB Support Assistant


Recover the Image on an ASA 5500 Series Security Appliance



Introduction
This document provides instructions to reinstall the software image on your ASA 5500 series Security Appliance. This document applies to both ASA 5510 and ASA 5505 Adaptive Security Appliance devices. You need to reinstall the software image in either of these scenarios:

- You reset the ASA 5500 password with password discovery disabled
- The ASA software image is damaged or corrupted

Note: Some command-line output in this document has been truncated for clarity and improved usability.

Requirements
To perform the steps described in this document, you need to have this equipment:

- Physical access to the ASA
- A Windows PC with terminal-emulation software, such as HyperTerminal
- A straight-through Ethernet cable. For more information about cables, refer to Cable Descriptions.
- A console cable or a rolled cable with an adapter. For more information about cables, refer to Cable Descriptions.
- TFTP Server software. For more information about TFTP software, refer to Set Up a TFTP Server.
- Approximately one hour of network downtime

http://www.cisco.com/public/technotes/smbsa/en/us/remote/5500_image_rcvry.html (1 of 12)6/27/2008 12:33:20 PM

Prepare to Recover the Image


Follow these steps to prepare your network to recover the image on the ASA 5500 Series Security Appliance:

Obtain Software

Before you begin, contact the SMB Technical Assistance Center (SMB TAC) to obtain these images:

- A Cisco software image for the ASA 5500 Series Security Appliance
- An image for Adaptive Security Device Manager

Set Up the TFTP Server

Follow these steps to set up the TFTP server:

1. Connect a straight-through Ethernet cable from the PC to the Ethernet interface 0/0 of the ASA.

Note: The picture displays the ASA 5510 model. Other ASA models look different. Always connect the straight-through Ethernet cable from the PC to the first Ethernet interface of the ASA.

2. Ensure that the ASA software image and the ASDM image are in the TFTP root directory for your TFTP application. For more information about TFTP software, refer to Set Up a TFTP Server.

3. Change your PC IP address to 192.168.1.2. For more information about how to change your IP address, refer to Configure an IP Address on Your PC.

4. Leave the TFTP Server software open so that the ASA can download the images from your PC.

Open a Terminal Connection

You need console access to your security appliance in order to reset the password. Follow these steps to set up console access to the security appliance:

1. Connect the RJ-45 connector of the console cable into the console port on the rear panel of the security appliance. Connect the DB-9 connector to the PC serial port. On your PC choose Start > Programs > Accessories > Communications > HyperTerminal to open HyperTerminal. For additional information on how to connect a terminal to the console port, refer to Create a HyperTerminal Connection.

2. Create a connection with these terminal settings:

- Bits per second (baud): 9600
- Data bits: 8
- Parity: None
- Stop bits: 1
- Flow Control: None

Recover the Image


Follow these steps to recover the image on the ASA security appliance:

1. If the ASA is missing its software image, it reboots continuously. If you need to break a continuous reboot cycle, watch the startup messages that the ASA displays during boot. When the ASA displays Use BREAK or ESC to interrupt boot, press Escape.

Note: If your ASA does not continuously reboot, proceed to the next step.

Booting system, please wait...

CISCO SYSTEMS
Embedded BIOS Version 1.0(10)0 03/25/05 22:42:05.25
Low Memory: 631 KB
High Memory: 256 MB
PCI Device Table.
Bus Dev Func VendID DevID Class              Irq
 00  00  00   8086   2578  Host Bridge
 00  01  00   8086   2579  PCI-to-PCI Bridge
 00  03  00   8086   257B  PCI-to-PCI Bridge
 00  1C  00   8086   25AE  PCI-to-PCI Bridge
 00  1D  00   8086   25A9  Serial Bus         11
 00  1D  01   8086   25AA  Serial Bus         10
 00  1D  04   8086   25AB  System
 00  1D  05   8086   25AC  IRQ Controller
 00  1D  07   8086   25AD  Serial Bus
 00  1E  00   8086   244E  PCI-to-PCI Bridge
 00  1F  00   8086   25A1  ISA Bridge
 00  1F  02   8086   25A3  IDE Controller     11
 00  1F  03   8086   25A4  Serial Bus         5
 00  1F  05   8086   25A6  Audio              5
 02  01  00   8086   1075  Ethernet           11
 03  01  00   177D   0003  Encrypt/Decrypt    9
 03  02  00   8086   1079  Ethernet           9
 03  02  01   8086   1079  Ethernet           9
 03  03  00   8086   1079  Ethernet           9
 03  03  01   8086   1079  Ethernet           9
 04  02  00   8086   1209  Ethernet           11
 04  03  00   8086   1209  Ethernet           5

Evaluating BIOS Options ...
Invalid Key: 001B
Launch BIOS Extension to setup ROMMON

Cisco Systems ROMMON Version (1.0(10)0) #0: Fri Mar 25 23:02:10 PST 2005

Platform ASA5510

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot interrupted.

Use ? for help.
rommon #0>

Note: If you are unable to break the boot process and the ASA reboots, repeat this step.

2. Type ADDRESS=192.168.1.1 and press Enter.

rommon #0>ADDRESS=192.168.1.1

3. Type IMAGE=filename.bin and press Enter.

rommon #1>IMAGE=asa704-k8.bin

4. Type PORT=Ethernet0/0 and press Enter.

rommon #2>PORT=Ethernet0/0
Ethernet0/0
Link is UP
MAC Address: 0013.c480.7a1e

5. Type SERVER=192.168.1.2 and press Enter.

rommon #3>SERVER=192.168.1.2

6. Type unset GATEWAY and press Enter.

rommon #3>unset GATEWAY

7. Type tftpdnld and press Enter.

rommon #4>tftpdnld
ROMMON Variable Settings:
ADDRESS=192.168.1.1
SERVER=192.168.1.2
GATEWAY=0.0.0.0
PORT=Ethernet0/0
VLAN=untagged
IMAGE=asa704-k8.bin
CONFIG=
LINKTIMEOUT=20
PKTTIMEOUT=4
RETRY=20
tftp asa704-k8.bin@192.168.1.2
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Received 5437440 bytes
Launching TFTP Image...

8. The ASA boots with the new image file.

Cisco PIX Security Appliance admin loader (3.0) #0: Thu Oct 13 21:07:02 PDT 2005
################################################################################
################################################################################

9. After the ASA boots, it displays the command prompt. Type enable and press Enter. Press Enter at the password prompt.

cisco>enable
Password:
cisco#

Note: If you do not see the prompt after the ASA boots, press Enter to clear the output.

10. Type format disk0: and press Enter. Press Enter at each of the three confirm messages that appear.

cisco#format disk0:
WARNING: Saving activation key file failed.
Proceed with operation? [confirm]
Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in "disk0:". Continue? [confirm]
Format: Drive communication & 1st Sector Write OK...
Format: All system sectors written. OK...
Format: Total sectors in formatted partition: 123104
Format Total bytes in formatted partition: 6302948
Format: Operation completed successfully.
Format of disk0 complete
cisco#

11. Type configure terminal and press Enter.

cisco#configure terminal
cisco(config)#

12. Type interface ethernet0/0 and press Enter.

cisco(config)#interface ethernet0/0
cisco(config-if)#

13. Type ip address 192.168.1.1 255.255.255.0 and press Enter.

cisco(config-if)# ip address 192.168.1.1 255.255.255.0

14. Type nameif inside and press Enter.

cisco(config-if)#nameif inside
INFO: Security level for "inside" set to 100 by default.

15. Type no shut and press Enter.

cisco(config-if)# no shut

16. Type exit and press Enter.

cisco(config-if)#exit
cisco(config)#

17. Type route inside 0.0.0.0 0.0.0.0 192.168.1.2 and press Enter.

cisco(config)#route inside 0.0.0.0 0.0.0.0 192.168.1.2

18. Type end and press Enter.

cisco(config)#end
cisco#

19. Type write memory and press Enter.

cisco#write memory
Building configuration...
Cryptochecksum: 332fb353 d7c0f574 9315ed84 3dc1192e
1213 bytes copied in 3.540 secs (404 bytes/sec)
[OK]

20. Type copy tftp://192.168.1.2/asa704-k8.bin flash: and press Enter.


cisco#copy tftp://192.168.1.2/asa704-k8.bin flash: Address or name of remote host [192.168.1.2]? Source filename [asa704-k8.bin]? Destination filename [asa704-k8.bin]? Accessing tftp://192.168.1.2/asa704-k8.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!! Writing file disk0:/asa704-k8.bin... !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 5437440 bytes copied in 251.880 secs (21663 bytes/sec)
http://www.cisco.com/public/technotes/smbsa/en/us/remote/5500_image_rcvry.html (8 of 12)6/27/2008 12:33:20 PM

Cisco SMB Support Assistant

cisco#

21. Type copy tftp://192.168.1.2/asdm504.bin flash: and press Enter.


cisco# copy tftp://192.168.1.2/asdm504.bin flash: Address or name of remote host [192.168.1.2]? Source filename [asdm504.bin]? Destination filename [asdm504.bin]? Accessing tftp://192.168.1.2/asdm504.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Writing file disk0:/asdm504.bin... !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 5958324 bytes copied in 336.670 secs (17733 bytes/sec) cisco#

22. Type configure terminal and press Enter.

cisco#configure terminal
cisco(config)#

23. Type no route inside 0.0.0.0 0.0.0.0 192.168.1.2 and press Enter.

cisco(config)#no route inside 0.0.0.0 0.0.0.0 192.168.1.2

24. Type end and press Enter.

cisco(config)#end
cisco#

25. Type asdm image flash:asdm504.bin and press Enter.

cisco(config)#asdm image flash:asdm504.bin

26. Type http server enable and press Enter.

cisco(config)#http server enable

27. Type http 192.168.1.0 255.255.255.0 inside and press Enter.

cisco(config)#http 192.168.1.0 255.255.255.0 inside

28. Close your TFTP server software.

29. Close the terminal connection and disconnect the console cable from the ASA.
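
The check below is an added example, not part of the original Cisco document: it reads a saved console capture of the session above and flags a TFTP server address outside the ASA's subnet, a gateway left set, an image missing from the TFTP root, and byte counts that differ from the local file. The function names, the /24 prefix and the sample capture are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed console capture, condensed from the transcripts in the steps above.
SAMPLE_LOG = """\
rommon #4>tftpdnld
ROMMON Variable Settings:
ADDRESS=192.168.1.1
SERVER=192.168.1.2
GATEWAY=0.0.0.0
IMAGE=asa704-k8.bin
CONFIG=
tftp asa704-k8.bin@192.168.1.2 !!!!!!!!
Received 5437440 bytes
cisco#copy tftp://192.168.1.2/asa704-k8.bin flash:
Writing file disk0:/asa704-k8.bin... !!!!!!!!
5437440 bytes copied in 251.880 secs (21663 bytes/sec)
"""

def rommon_vars(log):
    """NAME=value lines echoed by tftpdnld (a bare 'CONFIG=' yields '')."""
    return dict(re.findall(r"^[ \t]*([A-Z]+)=(\S*)[ \t]*$", log, re.M))

def check_recovery(log, local_sizes, prefix=24):
    """Return the problems found in a captured session. local_sizes maps file
    names in the TFTP root to byte sizes; prefix=24 is an assumed mask."""
    problems = []
    v = rommon_vars(log)
    # The ROMMON output shows no mask, so the /24 from step 13 is assumed.
    net = ipaddress.ip_interface(f"{v['ADDRESS']}/{prefix}").network
    if ipaddress.ip_address(v["SERVER"]) not in net:
        problems.append(f"SERVER {v['SERVER']} is outside {net}")
    if v.get("GATEWAY", "0.0.0.0") != "0.0.0.0":
        problems.append(f"GATEWAY is still set to {v['GATEWAY']}")
    image = v["IMAGE"]
    expected = local_sizes.get(image)
    if expected is None:
        problems.append(f"{image} is not in the TFTP root")
    counts = {
        "ROMMON download": re.search(r"Received (\d+) bytes", log),
        "copy to flash": re.search(
            re.escape(image) + r"\.\.\.[\s\S]*?(\d+) bytes copied", log),
    }
    for label, m in counts.items():
        if m is None:
            problems.append(f"no byte count logged for {label}")
        elif expected is not None and int(m.group(1)) != expected:
            problems.append(f"{label}: {m.group(1)} bytes, file has {expected}")
    return problems
```

A matching byte count rules out a truncated transfer only; TFTP does not authenticate the server or protect the file in transit, so it does not show that the image is unmodified.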


Next Step
You have completed image recovery for your Cisco ASA 5500 series security appliance. To reconfigure the ASA, proceed to Configure Your ASA 5505 Security Appliance or Configure Your ASA 5510 Security Appliance.


Troubleshoot the Procedure


This section provides information about common problems that you may encounter. If this information does not solve your problem, contact the SMB Technical Assistance Center (SMB TAC) for assistance.

Problem: The ASA boots normally before you interrupt the boot sequence.
Cause(s) and Suggested Solution(s):
- Repeat the first step in Recover the Image.

Problem: You receive an error message Interface link did not come up. Timed out. TFTP: Operation terminated or Timed Out after you perform step 6 of the Recover the Image section.
Cause(s) and Suggested Solution(s):
- Ensure that the PC's IP address is configured with 192.168.10.2 with a subnet mask of 255.255.255.0. Refer to Configure an IP Address on Your PC for instructions.
- Ensure that you use the proper cable. You must use a crossover cable not a straight-through cable to connect your PC to the ASA first Ethernet port. Refer to Cable Descriptions for more information.
- Ensure that you have launched TFTP Server program.

Problem: You receive an error message %Error opening tftp://192.168.1.2/asa704-k8.bin (No such device) or %Error opening tftp://192.168.1.2/asdm504.bin (No such device) after performing steps 20 and 21 respectively.
Cause(s) and Suggested Solution(s):
- Ensure that you have specified the correct file path in step 20 and step 21 of the Recover the Image section.

Problem: You receive an error message TFTP error 1 received (File not found). TFTP: Operation terminated.
Cause(s) and Suggested Solution(s):
- Ensure that the new software image is stored in your TFTP Root directory.

If you are still unable to complete the procedure successfully, contact the SMB Technical Assistance Center (SMB TAC) for assistance.

Related Information
- Set Up a TFTP Server
- Configure an IP Address on Your PC
- Cable Descriptions
- Create a HyperTerminal Connection
- Configure Your ASA 5505 Security Appliance
- Configure Your ASA 5510 Security Appliance

1992-2006 Cisco Systems, Inc. All rights reserved. Terms and Conditions, Privacy Statement, Cookie Policy and Trademarks of Cisco Systems, Inc.
