Cisco ASA IOS Upgrade or Restore
First, pre-upgrade preparation
1. Prepare the IOS file to be installed and the corresponding ASDM file
2. Set up a TFTP server on a computer, set its directory, and connect the computer to the firewall (assuming the computer IP is 192.168.1.2)
Second, upgrade steps
1. Telnet to the ASA
asa> en    // Enter privileged mode
asa# conf t    // Enter configuration mode
2. View the files on the ASA, the version information, and the startup file
asa(config)# dir    // View files on the ASA
Directory of disk0:/
4879  -rw-  8202240  19:18:10 Nov  asa721-k8.bin
2391  -rw-  5539756  00:43:38 Nov  asdm521.bin
4842  drw-  0        18:51:24 Nov  log
4843  drw-  0        18:51:36 Nov  crypto_archive
255426560 bytes total (215465984 bytes free)
ciscoasa(config)# show ver    // View version information and startup file
Cisco Adaptive Security Appliance Software Version 7.2(1)
Device Manager Version 5.2(1)
.....
System image file is "disk0:/asa721-k8.bin"    // This is the startup file and its path
.....
3. Back up the existing version file, ASDM file, and configuration on the ASA
asa(config)# copy disk0:/asa721-k8.bin tftp://192.168.1.2/asa721-k8.bin
Back up the original IOS file to the TFTP server
asa(config)# copy disk0:/asdm521.bin tftp://192.168.1.2/asdm521.bin
Back up the original ASDM file to the TFTP server
show run
Display the current configuration and save a copy of it as a backup, to avoid losing the configuration through an incorrect operation
4. Upload the new version file and ASDM file from the TFTP server
asa(config)# copy tftp://192.168.1.2/asa821-k8.bin disk0:/asa821-k8.bin
Copy the new IOS file from the TFTP server to the ASA
asa(config)# copy tftp://192.168.1.2/asdm-621.bin disk0:/asdm-621.bin
Copy the new ASDM file from the TFTP server to the ASA
asa(config)# dir    // Display the directory again to check that the files were copied successfully
5. Set the startup file and ASDM image
asa(config)# no boot system disk0:/asa721-k8.bin    // Remove the previous boot IOS
asa(config)# boot system disk0:/asa821-k8.bin    // Set the new boot IOS
asa(config)# asdm image disk0:/asdm-621.bin    // Set the new ASDM
Device Manager image set, but not a valid image file disk0:/asdm-621.bin
Because the new IOS file does not take effect until the device restarts, the ASA reports that the new ASDM image is not valid when the association is set.
asa(config)# exit
asa# wr    // Save configuration
asa# reload    // Reboot to make the configuration take effect
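A pre-reload check for step 5, as an added example that is not part of the original article: it parses captured dir output and the boot system / asdm image lines, and reports any referenced file that is missing from disk0: or whose size differs from the copy in the TFTP directory (for example after a truncated transfer). The function names, the sample captures, and all dates and the sizes of the new files are constructed for illustration.

```python
import re

# Constructed sample captures (not from a real device); dates and new-file sizes are made up.
DIR_OUTPUT = """\
Directory of disk0:/
4879  -rw-  8202240   19:18:10 Nov 01 2009  asa721-k8.bin
2391  -rw-  5539756   00:43:38 Nov 01 2009  asdm521.bin
4880  -rw-  16275456  10:02:11 Nov 02 2009  asa821-k8.bin
4881  -rw-  11348300  10:05:40 Nov 02 2009  asdm-621.bin
4842  drw-  0         18:51:24 Nov 01 2009  log
"""
CONFIG_LINES = """\
boot system disk0:/asa821-k8.bin
asdm image disk0:/asdm621.bin
"""
# Sizes of the files in the TFTP directory (constructed to match the listing).
EXPECTED_SIZES = {"asa821-k8.bin": 16275456, "asdm-621.bin": 11348300}

def parse_dir(text):
    """Return {filename: size} for regular files in a 'dir' listing."""
    files = {}
    for line in text.splitlines():
        m = re.match(r"\s*\d+\s+(\S+)\s+(\d+)\s+.*\s(\S+)$", line)
        if m and not m.group(1).startswith("d"):  # skip directories (drw-)
            files[m.group(3).lower()] = int(m.group(2))
    return files

def check_before_reload(dir_text, config_text, expected_sizes):
    """List problems that would leave the ASA without a usable image."""
    on_flash = parse_dir(dir_text)
    expected = {k.lower(): v for k, v in expected_sizes.items()}
    problems = []
    refs = re.findall(r"^(boot system|asdm image)\s+disk0:/(\S+)", config_text, re.M | re.I)
    if not any(kind.lower() == "boot system" for kind, _ in refs):
        problems.append("no 'boot system' line configured")
    for kind, name in refs:
        key = name.lower()
        if key not in on_flash:
            problems.append(f"{kind}: {name} is not on disk0:")
        elif key in expected and on_flash[key] != expected[key]:
            problems.append(f"{kind}: {name} is {on_flash[key]} bytes, expected {expected[key]}")
    return problems

if __name__ == "__main__":
    for p in check_before_reload(DIR_OUTPUT, CONFIG_LINES, EXPECTED_SIZES):
        print("PROBLEM:", p)
```

A size match only shows the transfer completed; it does not prove the image is the vendor's original.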
Third, recovery after a failed upgrade
When a failed upgrade leaves the firewall flash erased, the device restarts continuously because it cannot find the startup file.
1. Enter monitoring mode
When the device starts, it prompts you to press a key to enter monitoring mode, as follows:
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Press the "ESC" key to enter monitoring mode.
rommon #1>
2. Configure the ASA
Before IOS can be loaded, the ASA needs a few simple settings: the address of the device, the address of the TFTP server, and the name of the IOS image file. Save them with sync, test connectivity to the TFTP server with the ping command, and finally execute the tftpdnld command, after which the software starts loading.
Note: In monitoring mode the computer must be connected to the ASA5510 management interface; the IP address is also set on the management interface.
rommon #2> ADDRESS=192.168.1.1    (device address)
rommon #3> GATEWAY=192.168.1.2    (default gateway, set to the local computer's address)
rommon #4> IMAGE=asa821-k8.bin    (IOS file name)
rommon #5> SERVER=192.168.1.2    (TFTP server address, the local computer's address)
rommon #6>
rommon #6> sync
Updating NVRAM Parameters...
rommon #7> ping 192.168.1.2
Link is up
Sending, 100-byte ICMP echoes to 192.168.1.2, timeout is 4 seconds:
?!!!!!!!!!!!!!!!!!!!
Success rate is percent (19/20)
3. Execute the tftpdnld command
After execution, the following appears:
rommon #8> tftpdnld
ROMMON Variable Settings:
  ADDRESS=192.168.1.1
  SERVER=192.168.1.
  GATEWAY=192.168.1.2
  PORT=Management0/0
  VLAN=untagged
  IMAGE=asa821-k8.bin
  CONFIG=
  LINKTIMEOUT=20
  PKTTIMEOUT=4
  RETRY=20
tftp asa821-k8.bin@192.168.1.2 via 192.168.1.2
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
4. Upload IOS to the ASA
At this point IOS has not been written to the ASA; the device has only booted from TFTP. This can be seen with the show version command once the device has booted:
System image file is "tftp://192.168.1.2/asa821-k8.bin"
After the boot is complete, connect the TFTP server to an interface other than the management interface before upgrading IOS.
Note: The interface must be configured as the inside interface
asa# conf t
asa(config)# int e0/0
asa(config-if)# nameif inside
asa(config-if)# ip add 192.168.1.1 255.255.255.0
asa(config-if)# no sh
asa# ping 192.168.1.2
Once the ping succeeds, you can upgrade IOS.
asa# copy tftp: flash:
TFTP server IP address: 192.168.1.2
Source file name: asa821-k8.bin
Destination file name: asa821-k8.bin
This step is not the end; the boot system setting is still required at this point.
Use the commands:
asa(config)# boot system disk0:/asa821-k8.bin
asa(config)# asdm image disk0:/asdm-621.bin
asa(config)# wr
Then you can reload.
After rebooting, check with dir, and you are basically done.
After IOS recovery, you also need to copy the GUI management software to the ASA; the commands are the same as for copying IOS.