Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Problem upgrading ASA5505

I've run into a weird problem. I have an ASA5505 with a very slow Internet connection that acts as an EasyVPN client. I want to upgrade the software image on it but given the speed of the Internet connection, it's going to take about 2 hours. Every time I try to upload the new image to flash, it stops after 1 hour. I guess it's because of the SSH session idle timeout value which is set to 60 minutes (max). Is there any way I can fix this problem? Thanks.

Everyone's tags (2)
Cisco Employee

Re: Problem upgrading ASA5505


If the firewall is local to you, I would suggest you downloading the file to a local computer (may be download it outside of your network) and then uploading it to the firewall from the local PC. That is much better compared to trying to load it via internet.

As far as slow connection is concerned, is it due to your ISP or do you think it is due to the firewall itself? If you think it is due to the firewall itself, you might want to check the output of "show asp drop" to see if there are any drops due to MSS exceed or Out-of-order packets. If yes, please try the following:

tcp-map tmap

exceed-mss allow

queue-limit 250


access-list internet permit tcp any any

class-map internet

match access-list internet


policy-map global_policy

class internet

set connection advanced-options tmap


service-policy global_policy global

Hope this helps.



New Member

Re: Problem upgrading ASA5505

Hi, Nagaraja.

Thanks for the reply. After a few unsuccessful attempts to upload the new image, I decided to switch to some other SSH client since I noticed the uploading stopped when Putty tried to renegotiate the current SSH session. So after switching to SecureCRT, everything went without a hitch.