How to upgrade both ASA and ASDM on the ASA5505 at once question

Answered Question
Feb 25th, 2010

Can someone suggest the proper way to upgrade both the ASA and ASDM software on the Cisco ASA5505 at one time without getting into trouble like I just did?

Here's what happened.  I copied the asa821-k8.bin and asdm-621.bin files to flash memory, then renamed the older versions as Oasa724-k8.bin and Oasdm-524.bin, and then issued the reload command from the Windows GUI.

Big Mistake, I lost ASDM connectivity entirely and was forced to buy a USB to serial port adapter cable and connect the CLI command port cable to it to be able to get back into the unit.  I found that it was running the asa821-k8.bin kernel as expected, but apparently the ASDM was still running 5.24 version.

Should I just have created a new folder and moved the older versions to that folder, then issued the system reload command and hoped for the best?

I get the feeling that I fouled things up, I am guessing that I would have to use tftp to reload the boot image to get the ASA5505 back up again (using the ROMMON commands)

In fact the only way that I was able to recover the Windows GUI was using the boot command to the older asa724-k8.bin image.

What is the right way to upgrade to the newer versions asa 8.2(1) and asdm 6.2(1) ?

I really do NOT want to risk losing my ability to talk with this box and I spent an anxious afternoon yesterday, when I got the pop-up message box "cannot bring up asdm manager"

======

After working with the CLI port, I noticed that following error:

Device Manager image set, but unable to find disk0:/asdm-524.bin
*** Output from config line 75, "asdm image disk0:/asdm-5..."

So apparently some configuration file needs to point to the correct asdm, and just blindly changing the files in the folder will NOT work.

========

after more working with both the CLI port and the Windows GUI port, I found that the "asdm image" command was NOT working in the CLI software, but apparently was working in the GUI software, so I ran that command to tell the system to use the newer 6.21 on start up.

After this and issuing the reload command from the CLI I was able to come up successfully with the newer asa and asdm software.

I would say that having CLI access is invaluable in this case.

I am NOT sure why the "asdm image" command appears inaccessible on the CLI port.

Any ideas?

As far as I am concerned this problem has been solved (using educated trial and error)

Correct Answer by Panos Kampanakis about 6 years 11 months ago

When the ASA boot it tries to use the "boot system" command file in the config. If it doesn't fine that file (it was not there because you renamed it) it boot the first image it will find..

Though for ASDM the ASA just uses the image that you have. You were pointing to asdm5.2 and renamed it, so there was no valied ASDM image to use.

In other words you should have just changed the "asdm image" and "boot system" commands in the config and point them to the new files, save the config and reboot and then it would have worked fine.

I hope it helps.

PK

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Panos Kampanakis Thu, 02/25/2010 - 13:40

When the ASA boot it tries to use the "boot system" command file in the config. If it doesn't fine that file (it was not there because you renamed it) it boot the first image it will find..

Though for ASDM the ASA just uses the image that you have. You were pointing to asdm5.2 and renamed it, so there was no valied ASDM image to use.

In other words you should have just changed the "asdm image" and "boot system" commands in the config and point them to the new files, save the config and reboot and then it would have worked fine.

I hope it helps.

PK

randallrathbun Thu, 02/25/2010 - 14:58

PK:


As you can read from my 2 updates to my original post, I eventually got a solution working, but things weren't smooth sailing.

To start, I did correctly figure out that the config software needs to point to the correct images, but did not.

However when I tried to use the "asdm image ver_nnn" command under CLI it did NOT work, because that command apparently was disabled?  It was not available to my terminal.

I correctly guessed that the GUI might have this command working, so I dropped back to the older software, rebooted and sure enough, it did.

Knowing that, I aligned up the newer asa and asdm versions at the /(root) location, and set the asdm image file to point to the correct asdm version.

After rebooting, everything worked fine.

I subsequently went to the CLI line tool under the GUI and tried the asdm image, and found now that it does work correctly.  Apparently this command was not enable in the earlier v7.24 asa or 5.2 asdm?

The reason all this started was that I wanted to use the packet capture wizard, but saw that it was only available under the latest asdm.

Thanks for your post.

randallrathbun Fri, 02/26/2010 - 09:46

Yes, the "asdm image" command is the same in both versions.

For some strange reason, the CLI terminal kept rejecting my repeated attempts, further more typing in the "help asdm" command showed that the "asdm image" cli was not enabled for some reason.

In the future, I might keep a interactive recording of all my keystrokes, so people can see for themselves. (wide big smile)

Thanks for your posts!

Actions

This Discussion