Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

asa 5505 moving files TFTP ROMMON

I have an ASA5505, I erased DISK0:  (Flash) with the idea to delete all the old files and copy over asa914-k8.bin and asdm715.bin

I have managed to totally lose the abilty to move files.

The asa boots to Rommon, from there I am able to get TFTP works and “boot” the asa from asa914-k8.bin but it doesn’t copy asa914-k8.bin to DISK0: (Flash). 

From there I do copy running  star and I get Source Filename [running-config]?

And it saves, I then type reload and I am back to Rommon.

I cant get TFTP to connect once I get from Rommon to a running config.

How can I copy files to the flash?

rommon #1> ADDRESS=192.168.20.10

rommon #2> SERVER=192.168.20.1

rommon #3> GATEWAY=192.168.20.1

rommon #4> IMAGE=asa914-k8.bin

rommon #5> PORT=Ethernet0/0

rommon#6> tftp

gets me back to a running config, I give vlan1 ip 192.168.1.1 255.255.255.0

I am guessing  I need to add a route or a gateway.  I need to get TFTP working to copy over files

Help.. I am stuck…

6 REPLIES
Silver

asa 5505 moving files TFTP ROMMON

could you format the flash disk?

Does another file copy for another ASA bin file fail as well?

---

Posted by WebUser Erik Boss from Cisco Support Community App

Hall of Fame Super Silver

asa 5505 moving files TFTP ROMMON

In your rommon example you are using 192.168.20.0 network. In your running-config example you say you want to use 192.168.1.1. If you do that then, yes, you will need a route off that subnet to get to destiantions on 192.168.20.0.

New Member

asa 5505 moving files TFTP ROMMON

Marvin,

My laptop's ip 192.168.1.44, the ASA is 192.168.1.1 I am able to get the ASA to load asa914-k8.bin from Rommon via TFTP.

Once running my TFTP ability stops, which I am assuming is a Route command or a Gateway issue.  Attached is the running config. 

Can you help me with the command needed to add the route or whatever is needed for the ASA to access my laptop 192.168.1.44 as a TFTP server. 

Once I have TFTP connectivity I think I can copy over asa914-k8.bin to the ASA’s flash and that I am assuming with fix the issue.

When I use TFTP in Rommon its doesn’t copy the BIN file to flash it just loads it into RAM I believe. 

Web User,

I have tried other bin files, same issue.  But thx for the format, that helped me save the running config to flash.

After booting via tftp from rommom here is my current flash

ciscoasa#  show flash

--#--  --length--  -----date/time------  path

    6  2048        Dec 29 2013 15:35:07  log

   12  2048        Dec 29 2013 15:35:22  crypto_archive

   39  1316        Dec 29 2013 15:35:37  8_0_3_0_startup_cfg.sav

   46  2048        Dec 29 2013 15:35:54  coredumpinfo

   47  59          Dec 29 2013 15:35:54  coredumpinfo/coredump.cfg

   50  1138        Dec 29 2013 15:35:54  upgrade_startup_errors_201312291535.log

127135744 bytes total (126695424 bytes free)

ciscoasa#

ASA Version 9.1(4)

!

hostname ciscoasa

enable password 8Ry2YjIyt7RRXU24 encrypted

xlate per-session deny tcp any4 any4

xlate per-session deny tcp any4 any6

xlate per-session deny tcp any6 any4

xlate per-session deny tcp any6 any6

xlate per-session deny udp any4 any4 eq domain

xlate per-session deny udp any4 any6 eq domain

xlate per-session deny udp any6 any4 eq domain

xlate per-session deny udp any6 any6 eq domain

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Ethernet0/0

shutdown

!

interface Ethernet0/1

shutdown

!

interface Ethernet0/2

shutdown

!

interface Ethernet0/3

shutdown

!

interface Ethernet0/4

shutdown

!

interface Ethernet0/5

shutdown

!

interface Ethernet0/6

shutdown

!

interface Ethernet0/7

shutdown

!

interface Vlan1

no nameif

no security-level

ip address 192.168.1.1 255.255.255.0

!

ftp mode passive

pager lines 24

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

no arp permit-nonconnected

timeout xlate 3:00:00

timeout pat-xlate 0:00:30

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00

icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp

0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite

0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00

absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup

linkdown coldstart

crypto ipsec security-association pmtu-aging infinite

crypto ca trustpool policy

telnet timeout 5

ssh timeout 5

ssh key-exchange group dh-group1-sha1

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

!

!

prompt hostname context

no call-home reporting anonymous

call-home

profile CiscoTAC-1

  no active

  destination address http

https://tools.cisco.com/its/service/oddce/services/DD

                                 CEService

  destination address email callhome@cisco.com

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic

monthly

  subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:5b5cd4a64c63071ab602b5250d2e8b45

: end

ciscoasa#

Hall of Fame Super Silver

asa 5505 moving files TFTP ROMMON

Well all your physical interfaces are all shutdown (and not assigned to any VLAN). That will certainly prevent you from reaching anything via any of them.

I'd suggest you give your VLAN 1 a nameif (e.g. "Inside") and assign your switch port(s) to the vlan as access ports do a "no shutdown" on the interface your PC is attached to. That's pretty much textbook from the configuration guide (here).

Other than that, you shouldn't need a route statement as your PC is on the same subnet as the vlan 1 logical interface

New Member

Re: asa 5505 moving files TFTP ROMMON

Hello,

 

I hope all is well.

 

In order to place ASA code back on the device (or any other desired file really), it has to be done via ROMMON utilizing TFTP, as you already did. Once that is complete, you have booted from the file but the file is not saved to the persistent memory so if you reboot, you lose the data.

 

The process is simple, once the asa code has loaded, you need to configure a basic route, in order to communicate on the network so that you can download a file via ftp/tftp. I like to format disk0: (flash:) before beginning, to ensure we start with a clean slate. Then you would need to go onto your Management port (1/1 or 0/0 depending on ASA model)

 

ASA 5506-X, ASA 5508-X, and ASA 5516-X use “interface management 1/1” ASA 5512-X, 5515-X, 5525-X, 5545-X utilize “interface management 0/0” instead.

 

Configure an IP address and a subnet mask correspondent to your network. Then, like Marvin stated, you name the interface (nameif) with something like "inside" and configure a deefault route, something like:

 

route inside 0.0.0.0 0.0.0.0 <Gateway IP Address>

and make sure you run a no shut on the management port as well. That is pretty much everything. Then you should be able to move your files using your FTP/TFTP servers.

 

HTH!

 

New Member

Re: asa 5505 moving files TFTP ROMMON

I just read the date on this thread. My apologies....
3442
Views
0
Helpful
6
Replies
CreatePlease to create content