Problem upgrading ASA5505

Unanswered Question
Jul 9th, 2010
User Badges:

I've run into a weird problem. I have an ASA5505 with a very slow Internet connection that acts as an EasyVPN client. I want to upgrade the software image on it but given the speed of the Internet connection, it's going to take about 2 hours. Every time I try to upload the new image to flash, it stops after 1 hour. I guess it's because of the SSH session idle timeout value which is set to 60 minutes (max). Is there any way I can fix this problem? Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Nagaraja Thanthry Fri, 07/09/2010 - 12:59
User Badges:
  • Cisco Employee,


If the firewall is local to you, I would suggest you downloading the file to a local computer (may be download it outside of your network) and then uploading it to the firewall from the local PC. That is much better compared to trying to load it via internet.

As far as slow connection is concerned, is it due to your ISP or do you think it is due to the firewall itself? If you think it is due to the firewall itself, you might want to check the output of "show asp drop" to see if there are any drops due to MSS exceed or Out-of-order packets. If yes, please try the following:

tcp-map tmap

exceed-mss allow

queue-limit 250


access-list internet permit tcp any any

class-map internet

match access-list internet


policy-map global_policy

class internet

set connection advanced-options tmap


service-policy global_policy global

Hope this helps.



saiiven07 Fri, 07/09/2010 - 13:50
User Badges:

Hi, Nagaraja.

Thanks for the reply. After a few unsuccessful attempts to upload the new image, I decided to switch to some other SSH client since I noticed the uploading stopped when Putty tried to renegotiate the current SSH session. So after switching to SecureCRT, everything went without a hitch.


This Discussion

Related Content