12-28-2013 11:01 PM
I have an ASA5505. I erased DISK0: (Flash) with the idea to delete all the old files and copy over asa914-k8.bin and asdm715.bin.
I have managed to totally lose the ability to move files.
The ASA boots to Rommon; from there I am able to get TFTP working and “boot” the ASA from asa914-k8.bin, but it doesn’t copy asa914-k8.bin to DISK0: (Flash).
From there I do copy running star and I get Source Filename [running-config]?
And it saves, I then type reload and I am back to Rommon.
I can't get TFTP to connect once I get from Rommon to a running config.
How can I copy files to the flash?
rommon #1> ADDRESS=192.168.20.10
rommon #2> SERVER=192.168.20.1
rommon #3> GATEWAY=192.168.20.1
rommon #4> IMAGE=asa914-k8.bin
rommon #5> PORT=Ethernet0/0
rommon#6> tftp
gets me back to a running config, I give vlan1 ip 192.168.1.1 255.255.255.0
I am guessing I need to add a route or a gateway. I need to get TFTP working to copy over files
Help.. I am stuck…
12-29-2013 05:39 AM
Could you format the flash disk?
Does another file copy for another ASA bin file fail as well?
---
Posted by WebUser Erik Boss from Cisco Support Community App
12-29-2013 07:06 AM
In your rommon example you are using the 192.168.20.0 network. In your running-config example you say you want to use 192.168.1.1. If you do that then, yes, you will need a route off that subnet to get to destinations on 192.168.20.0.
12-29-2013 10:49 AM
Marvin,
My laptop's IP is 192.168.1.44, the ASA is 192.168.1.1. I am able to get the ASA to load asa914-k8.bin from Rommon via TFTP.
Once running, my TFTP ability stops, which I am assuming is a Route command or a Gateway issue. Attached is the running config.
Can you help me with the command needed to add the route or whatever is needed for the ASA to access my laptop 192.168.1.44 as a TFTP server?
Once I have TFTP connectivity I think I can copy over asa914-k8.bin to the ASA’s flash, and that I am assuming will fix the issue.
When I use TFTP in Rommon it doesn’t copy the BIN file to flash, it just loads it into RAM I believe.
Web User,
I have tried other bin files, same issue. But thx for the format, that helped me save the running config to flash.
After booting via TFTP from rommon, here is my current flash:
ciscoasa# show flash
--#-- --length-- -----date/time------ path
6 2048 Dec 29 2013 15:35:07 log
12 2048 Dec 29 2013 15:35:22 crypto_archive
39 1316 Dec 29 2013 15:35:37 8_0_3_0_startup_cfg.sav
46 2048 Dec 29 2013 15:35:54 coredumpinfo
47 59 Dec 29 2013 15:35:54 coredumpinfo/coredump.cfg
50 1138 Dec 29 2013 15:35:54 upgrade_startup_errors_201312291535.log
127135744 bytes total (126695424 bytes free)
ciscoasa#
ASA Version 9.1(4)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
shutdown
!
interface Ethernet0/1
shutdown
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
shutdown
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
interface Vlan1
no nameif
no security-level
ip address 192.168.1.1 255.255.255.0
!
ftp mode passive
pager lines 24
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
!
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:5b5cd4a64c63071ab602b5250d2e8b45
: end
ciscoasa#
12-29-2013 08:21 PM
Well, your physical interfaces are all shut down (and not assigned to any VLAN). That will certainly prevent you from reaching anything via any of them.
I'd suggest you give your VLAN 1 a nameif (e.g. "Inside"), assign your switch port(s) to the vlan as access ports, and do a "no shutdown" on the interface your PC is attached to. That's pretty much textbook from the configuration guide.
Other than that, you shouldn't need a route statement as your PC is on the same subnet as the vlan 1 logical interface.
09-29-2017 06:34 AM
Hello,
I hope all is well.
In order to place ASA code back on the device (or any other desired file really), it has to be done via ROMMON utilizing TFTP, as you already did. Once that is complete, you have booted from the file, but the file is not saved to the persistent memory, so if you reboot, you lose the data.
The process is simple: once the ASA code has loaded, you need to configure a basic route in order to communicate on the network, so that you can download a file via ftp/tftp. I like to format disk0: (flash:) before beginning, to ensure we start with a clean slate. Then you would need to go onto your Management port (1/1 or 0/0 depending on ASA model).
ASA 5506-X, ASA 5508-X, and ASA 5516-X use “interface management 1/1”. ASA 5512-X, 5515-X, 5525-X, 5545-X utilize “interface management 0/0” instead.
Configure an IP address and a subnet mask corresponding to your network. Then, like Marvin stated, you name the interface (nameif) with something like "inside" and configure a default route, something like:
route inside 0.0.0.0 0.0.0.0 <Gateway IP Address>
and make sure you run a no shut on the management port as well. That is pretty much everything. Then you should be able to move your files using your FTP/TFTP servers.
HTH!
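The steps from the replies above, put together for the ASA 5505 in this thread, as an added example that is not part of any post. It assumes the laptop (192.168.1.44, TFTP server) is cabled to Ethernet0/0 and serves both files from its TFTP root; `<published-md5>` is a placeholder for the checksum shown on the vendor download page. TFTP has no authentication or integrity protection, so the image is hashed on the ASA before it is made the boot image.

```cisco
! Added example, run after booting asa914-k8.bin from ROMMON.
! Assumption: laptop 192.168.1.44 is plugged into Ethernet0/0.
enable
configure terminal
!
! Vlan1 needs a name and security level before it will pass traffic.
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
! Bring up the switch port the laptop is on and place it in VLAN 1.
interface Ethernet0/0
 switchport access vlan 1
 no shutdown
end
!
! Laptop and Vlan1 share 192.168.1.0/24, so no route statement is needed.
ping 192.168.1.44
!
! Copy the images into persistent flash (each copy prompts to confirm).
copy tftp://192.168.1.44/asa914-k8.bin disk0:/asa914-k8.bin
copy tftp://192.168.1.44/asdm715.bin disk0:/asdm715.bin
!
! Compare the computed MD5 with <published-md5> before trusting the file.
verify /md5 disk0:/asa914-k8.bin
!
! Point the boot loader and ASDM at the files now on disk0:, then save.
configure terminal
boot system disk0:/asa914-k8.bin
asdm image disk0:/asdm715.bin
end
write memory
!
! Confirm the boot variable and flash contents before reloading.
show bootvar
show flash
```

If the hash printed by `verify` does not match the published value, delete the file and transfer it again before reloading.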
09-29-2017 06:35 AM