cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
36337
Views
7
Helpful
15
Replies

ASA IOS Image/Rommon help needed!

martinezaw
Level 1
Level 1

I powered up an ASA 5520 and received the below message:

Launching BootLoader...

Default configuration file contains 1 entry.

Searching / for images to boot.

Error 28: Selected item cannot fit into memory

unable to boot an image

Someone thought that I should erase flash and tftpdnld from Rommon. I deleted disk0:

Next in Rommon, I tried doing the following commands...

ADDRESS=192.168.2.1 (ASA's address)

SERVER=192.168.2.2 (connected to my laptop for tftp via a cross-over cable)

GATEWAY=192.168.2.1 (have also tried leaving this blank and the laptop's IP)

PORT=GigabitEthernet0/0 (port cable is plugged into)

I usually will get that GigabitEthernet0/0 is UP

I then enter the tftpdnld command, and it's like the ASA can't see the connection between it and the laptop.

It can't even ping.

I know the TFTP works because I tried it with a different ASA while in the IOS and it worked fine.

What am I doing wrong?

15 Replies 15

francisco_1
Level 7
Level 7

rommon #1> ADDRESS=192.168.1.10

rommon #2> SERVER=192.168.1.1

rommon #3> GATEWAY=192.168.1.1

rommon #4> IMAGE=asa800-232-k8.bin

rommon #5> PORT=Ethernet0/0

The above configuration will assign an IP address of 192.168.1.10 to interface Ethernet0/0 of the firewall appliance. It will also tell the firewall that the TFTP SERVER is at address 192.168.1.1 and the image to load is asa800-232-k8.bin

Step5: Execute the TFTP upload from the ASA using:

rommon #6> tftp

see this link http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708d8.shtml#t3

These are my variables...

rommon #6> set

ROMMON Variable Settings:

ADDRESS=192.168.2.1

SERVER=192.168.2.2

GATEWAY=192.168.2.2

PORT=GigabitEthernet0/0

VLAN=untagged

IMAGE=asa723-k8.bin

CONFIG=

LINKTIMEOUT=20

PKTTIMEOUT=4

RETRY=3

192.168.2.2 is my tftp server. The ASA cannot even ping the server (which is directly connected with a cross-over cable). I have tried using the management0/0 interface as well with the same problem.

is the laptop and ASA connected directly or to a switch. are you using a straight cable or crossover? Are you getting a ling on the laptop NIC?

I get the below message on the ASA

rommon #1> interface GigabitEthernet0/0

GigabitEthernet0/0

Link is UP

MAC Address: 001b.d5fb.4994

I also see a link light on the laptop NIC. The two are directly connected with no switch or anything in-between.

Ok, I was able to get tftpdnld to work... but when I tried to save the tftp file to memory (once I loaded the IOS via TFTP) it said that I did not have enough memory.

ciscoasa# copy tftp://192.168.2.2/asa723-k8.bin flash:

Address or name of remote host [192.168.2.2]?

Source filename [asa723-k8.bin]?

Destination filename [asa723-k8.bin]?

Accessing tftp://192.168.2.2/asa723-k8.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!

%Error copying tftp://192.168.2.2/asa723-k8.bin (Not enough space on device)

I then went back to Rommon and tried to erase everything but got the following result...

Erasing Disk0:

................................................................................

................................................................................

................................................................................

................................................................................

................................................................................

................................................................................

................................................................................

................................................................................

................................................................................

................................................................................

................................................................................

................................................................................

....................ata_cmd_response: drive not ready for command 0xec

ATA registers:

--------------

Drive/Head:0xb0, Status:0x80, Error:0x0

Cylinder:0x3d3, Head:0x0, Sector:0x1

ata_soft_reset: Resetting CF card device @0x1f0, drive 1

ata_soft_reset: Resetting CF card device @0x1f0, drive 1 did not bring up the de

vice 0

Do you or any one else know what this mean? Does this mean that my flash memory is bad? If so, can flash memory be changed out?

worth speaking to your cisco vendor you bought it from and get them to replace the unit. replacement unit should come with a code so you dont have to go through this process.

Francisco.

if you can try some show command to find the ASA image loaded on the flash. Then you can try to erase the old ios and upload the new

rommon #1> erase disk0:image.bin

rommon #1> erase flash:image.bin

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/admin_trouble.html

Hope this helps

Either memory is full or bad, usually full.  As mentioned below try to erase first, you don't have a valid image on anyway.


%Error copying tftp://192.168.2.2/asa723-k8.bin (Not enough space on device)


I ran into this exact issue and was able to fix it by issuing the "format disk0:" command after booted into the image via tftp from rommon:

 

ciscoasa# format disk0:

Format operation may take a while. Continue? [confirm]

Format operation will destroy all data in "disk0:". Continue? [confirm]
Initializing partition - done!
mkdosfs 2.11 (12 Mar 2005)

System tables written to disk

Format of disk0 complete
ciscoasa# dir

Directory of disk0:/

No files in directory

127004672 bytes total (126996480 bytes free)

 

After the format I was able to write to the disk0: / flash: via copy from tftp server.

Hope that works for anyone dealing with this. Please label "Helpful" if it is!

I realize some time has passed since the original post, but I though I'd leave this here for anyone referencing this article in the future. I had to add a forward slash ie: / to the beginning of the file name for the tftp to work. I'm using Tftpd64 by Ph. Jounin. 

Interestingly ping server did not work for me either (windows firewall is disabled), but the TFTP did eventually work once I added the /

ie: IMAGE=/filename.bin

 

Hello guys,

The port option does not work for me. i get an error when i issue Port = PortNo

kndrkim01
Level 1
Level 1

Either you have a typo, or you're using the same address for the ASA and the Gateway 192.168.2.1, which won't work.  If you don't have something routing then use the server address as the gateway, so the ASA looks to the server for connectivity and settings.

kndrkim01  

After 7 years the original poster has either figured it out or moved on.

:D

Most likely, but there may be someone doing a web search that trips over this thread, in which case I hope it helps.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: