ASA & ASDM upgrade

Answered Question
Aug 10th, 2010

Hi

We have a Cisco ASA5510 which came last year with the default software installed:

asa708-k8.bin

asdm-508.bin

i have successfully configured the vpn and security rules etc.

i would now like to upgrade the asdm and asa software, so i downloaded all the new software levels from the appropriate part of the cisco website

i have managed to upgrade the asdm to 509 using the following process:

***

asdm image disk0:/asdm509.bin

wr me

reload

***

If i try any other higher version such as 511 i get the error:

"Device Manager image set, but not a valid image file"

I have read that you can get this error and it doesn't matter, so if i continue and write the setting to flash and reboot - then i can't get into the asdm once it has rebooted.

I have also tried updating the boot system variable to later software (eg 711) as well as the asdm (611). When the system reboots it seems to see the new asa software but it will not boot it. it does not spit out any errors but keeps recycling back to the choice of booting in 10 seconds or press escape to stop, whereby i have to boot it back into the 708 level of the software from the rommon# command line

i am not using tftp (which i don't believe is so necessary anymore) and i used the asdm to upload the newer downloaded files from my laptop to the device. are there any more checks that i can make to verify the software other than filesize?

what further options have i got?

thanks

I have this problem too.
0 votes
Correct Answer by Allen P Chen about 6 years 3 months ago

Hi Dickon,

ASDM 5.2(5) is only compatible with ASA 7.2.  Therefore, can you try the following.

1.  First change the boot parameters to point to the 7.2 file:

no boot system disk0:/asa708-k8.bin

boot system disk0:/asa724-k8.bin

wr mem

2.  Reboot the ASA, verifiy that it boots into 7.2(4) in the output of "show version".

3.  Once it boots into 7.2(4), please change your ASDM image:

asdm image disk0:/asdm-525.bin

Please let us know your findings, thanks.

Correct Answer by Allen P Chen about 6 years 3 months ago

Hi Dickon,

Quick question for you.  You mentioned the following:

i have followed the directions to upgrade from asa 708 to asa 711 and  from asdm 509 to 511(with both the CLI and the GUI) and it does not seem to work properly, this resulted in a perpetual rebooting process whereby i  could only stop it by escaping from the boot process at the 'rommon:'  prompt to force it to boot back into the asa 708.

Did you experience the perpetual reboot when the ASA image was changed from 708 to 711 (with the "boot system" command), or when the ASDM image was changed from 509 to 511 (with the "asdm image" command)?  Please let me know.

Thanks in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
actica123 Tue, 08/10/2010 - 02:35

Hi

i was using this link as a guide to changing the config. This is the method that i used:

config terminal

boot system disk0:/asa711-k8.bin

write memory

reload

i also tried using the GUI setting as well....

in the bootup sequence of the device on the CLI i could see that the 711 software was definitely starting - it just wasn't getting any further

thanks

dickon

actica123 Tue, 08/10/2010 - 05:18

Hi thanks

i still get the following error

asafirewall(config)# sho disk

-#- --length-- -----date/time------ path

  6 5548032    Jan 01 2003 00:06:26 asa708-k8.bin

  7 0          Oct 22 2008 19:32:02 crypto_archive

  8 6163744    Oct 22 2008 19:34:44 asdm-508.bin

11 6190944    Jul 23 2010 10:52:56 asdm-509.bin

12 7552312    Jul 23 2010 10:58:50 asdm511.bin

13 6746112    Jul 23 2010 11:06:16 asa711-k8.bin

14 7495680    Jul 23 2010 12:01:02 asdm-512.bin

15 6514852    Aug 10 2010 13:09:02 asdm-524.bin

16 8515584    Aug 10 2010 13:11:16 asa724-k8.bin

200589312 bytes available (54837248 bytes used)

asafirewall(config)# asdm image disk0:/asdm-524.bin

Device Manager image set, but not a valid image file disk0:/asdm-524.bin

is this always a problem? - should it just be ignored? is there an issue with the 711/511 version? there is no error when specifying the system disk.

dc

Jitendriya Athavale Tue, 08/10/2010 - 05:41

If I understand you right I think u r refering to the output of show disk as error.

If so it's not an error all its saying is what you have in your flash

actica123 Tue, 08/10/2010 - 05:46

no - i am showing you the output of the show disk command to show you the file size of the uploaded binary files

and i am showing you the error from the asdm image setting command

mirober2 Tue, 08/10/2010 - 08:37

Hi Dickon,

If your ASA is running 7.1(1), ASDM 5.2(4) will not work. The latest ASDM image available for 7.1(1) is ASDM 5.1(2). 5.2 or higher will generate the error message you're seeing.

Your best bet is to upgrade to ASA 7.2(4) and ASDM 5.2(5).

Hope that helps.

-Mike

actica123 Tue, 08/10/2010 - 10:01

hi Mike

as i mentioned before above my current config is:

asa 7.0(8)

asdm 5.0(9)

i have followed the directions to upgrade from asa 708 to asa 711 and from asdm 509 to 511(with both the CLI and the GUI) and it does not seem to work properly, this resulted in a perpetual rebooting process whereby i could only stop it by escaping from the boot process at the 'rommon:' prompt to force it to boot back into the asa 708. i have only been able to upgrade successfully from asdm 5.0(8) to 5.0(9). There was no obvious error message in this rebooting process. when i next try it i might be able to include a sample - i will need to extend the history of the putty terminal - but it should be ok.

should i be able to make the following step upgrade in one go as you suggest?

asa 7.0(8)- > asa 7.2(4)

asdm 5.0(9) - > asdm 5.2(5)

when i make the command :

asdm image disk0:/asdm525.bin

i always get the image invalid error - see my previous post - is this to be expected?

dickon

Kureli Sankar Tue, 08/10/2010 - 10:25

That error (i always get the image invalid error ) doesn't make sense.

When you issue "dir flash:" you do see the exact same file name correct?

asdm image disk0:/asdm525.bin

It is not missing a "-" or other character? Copy and paste it from the "dir flash" output instead of typing.

Issue

"asdm image flash:/"

-KS

actica123 Tue, 08/10/2010 - 10:48

ok - small typographical error  i missed the '-', however whichever .bin file i try to make the asdm image it does always come up with the same error

again i include the show disk output to illustrate the file sizes of the uploaded files. the only time when i have not received this error is when i upgraded the asdm from 5.0(8) to 5.0(9)

asafirewall(config)# sho asdm image

Device Manager image file, disk0:/asdm-508.bin

asafirewall(config)#

asafirewall(config)# sho run boot

boot system disk0:/asa708-k8.bin

asafirewall(config)#

asafirewall(config)#

asafirewall(config)# sho disk

-#- --length-- -----date/time------ path

  6 5548032    Jan 01 2003 00:06:26 asa708-k8.bin

  7 0          Oct 22 2008 19:32:02 crypto_archive

  8 6163744    Oct 22 2008 19:34:44 asdm-508.bin

11 6190944    Jul 23 2010 10:52:56 asdm-509.bin

12 7552312    Jul 23 2010 10:58:50 asdm511.bin

13 6746112    Jul 23 2010 11:06:16 asa711-k8.bin

14 7495680    Jul 23 2010 12:01:02 asdm-512.bin

15 6514852    Aug 10 2010 13:09:02 asdm-524.bin

16 8515584    Aug 10 2010 13:11:16 asa724-k8.bin

17 6507516    Aug 10 2010 18:40:14 asdm-525.bin

194076672 bytes available (61349888 bytes used)

asafirewall(config)#

asafirewall(config)# asdm image disk0:/asdm-525.bin

Device Manager image set, but not a valid image file disk0:/asdm-525.bin

asafirewall(config)#

Kureli Sankar Tue, 08/10/2010 - 10:54

Uh huh !

Also, you need to make sure "sh ver" shows a proper asa code running for it to take the asdm image line which matches the asa code already loaded

on the ASA.

Meaning you can't be running ASA 7.x code and pointing to the asdm image for 6.2.x. It will not work.

-KS

Correct Answer
Allen P Chen Tue, 08/10/2010 - 10:42

Hi Dickon,

Quick question for you.  You mentioned the following:

i have followed the directions to upgrade from asa 708 to asa 711 and  from asdm 509 to 511(with both the CLI and the GUI) and it does not seem to work properly, this resulted in a perpetual rebooting process whereby i  could only stop it by escaping from the boot process at the 'rommon:'  prompt to force it to boot back into the asa 708.

Did you experience the perpetual reboot when the ASA image was changed from 708 to 711 (with the "boot system" command), or when the ASDM image was changed from 509 to 511 (with the "asdm image" command)?  Please let me know.

Thanks in advance.

actica123 Tue, 08/10/2010 - 10:54

Hi

ok - i am pretty sure i experienced the perpetual rebooting only when i changed the boot system disk on its own and when i changed them both at the same time - it was a few hours ago now - the first time i tried it from the CLI it added the .bin to list list but the 7.0(8) was higher. i have read that it should be possible to change them both at once.

if you try and change just the asdm (from 508 to 511) on its own it will give you the image error and then reboot - but you can't access the asdm once it is rebooted - i thought i had read somewhere it was backwards compatible one version

dickon

Correct Answer
Allen P Chen Tue, 08/10/2010 - 11:00

Hi Dickon,

ASDM 5.2(5) is only compatible with ASA 7.2.  Therefore, can you try the following.

1.  First change the boot parameters to point to the 7.2 file:

no boot system disk0:/asa708-k8.bin

boot system disk0:/asa724-k8.bin

wr mem

2.  Reboot the ASA, verifiy that it boots into 7.2(4) in the output of "show version".

3.  Once it boots into 7.2(4), please change your ASDM image:

asdm image disk0:/asdm-525.bin

Please let us know your findings, thanks.

actica123 Tue, 08/10/2010 - 11:06

Hi

ok thanks for both your answers and suggestions (kusankar and allenpch) i think i understand - and it sort of makes sense.

i will try this - have to do it out of hours on thursday night (UK time) - so i will repost on friday morning (UK time) what the results are

dickon

actica123 Fri, 08/13/2010 - 01:36

ok great!

thanks very much - did this last night and it worked perfectly! it's nice to know that there is an up to date software on the system rather than something 2 years old - which was a year out of date when we bought the device!

is there a particular version of java which will work with this version - i have been holding back on java 6 update 7, since anything newer would not work with the 5.0(8) asdm. which level can i upgrade to?

at some point i will investigate upgrading to 8.X when i have the time....- i see there are other discussions discussing this  and i don't want to break everything for everybody!

cheers for all the help

dickon

cashqoo Wed, 11/24/2010 - 02:31

sorry for digging up old thread.

i am preparing to upgrade my asa(7.0(8) and adsm 5.0(8), and realised that i need to do it in an increment manner.

i am looking to upgrade to the latest asa 8.3 and adsm available.

what are the software version sequence i should take?

something like this for ASA - 7.0(8) > 7.1 > 7.2 > 8.0 > 8.1 > 8.2 > 8.3

Actions

This Discussion

Related Content