ASA Reload

johnlloyd_13
Level 9

hi all,

i'm currently configuring and troubleshooting a S2S VPN between ASAs.

i can't seem to reload the ASA5525-X.

the command reload quick noconfirm (perhaps when i issued from yesterday) disconnected my telnet session and i saw replies on my continuous ping and was able to telnet afterwards.

is there any other reload command to reboot this firewall? can this be a bug?

# debug crypto ikev1 255
# Oct 02 22:37:49 [IKEv1]IP = 202.x.x.x, Reboot Underway... dropping new P1 packet.
Oct 02 22:37:57 [IKEv1]IP = 202.x.x.x, Reboot Underway... dropping new P1 packet.
Oct 02 22:38:05 [IKEv1]IP = 202.x.x.x, Reboot Underway... dropping new P1 packet.


# reload
Proceed with reload? [confirm]
#   <<< STILL CONNECTED

# sh reload
Shutting down the system right now.

# reload noconfirm
# reload in ?  << STILL CONNECTED

 

# reload
System config has been modified. Save? [Y]es/[N]o:  
Cryptochecksum: c6bd3ee7 cc75760d 6ecf8bd4 d0fe71a2

8505 bytes copied in 0.650 secs
Proceed with reload? [confirm]

#   <<< STILL CONNECTED


# reload quick noconfirm  <<< MY TELNET DISCONNECTED, CAN STILL PING INSIDE IP

 

# sh ve

Cisco Adaptive Security Appliance Software Version 9.1(2)
Device Manager Version 7.1(3)

 

16 Replies

The reload quick command reloads the ASA without shutting down processes gracefully.  So, your telnet or SSH connection will be disconnected immediately upon issuing this command.

--

Please remember to select a correct answer and rate helpful posts


hi marius,

yes, my telnet got disconnected but i can still ping to the ASA.

i'm trying to remotely reboot the ASA but i can't.

any other commands available or a physical hard reset is needed?

Can you try the commands while SSH'ed into the ASA? Do you still get the same result?

So, the commands reload, reload in <minutes>, reload at <time> and reload quick do not work?

As a last resort you can force the ASA to create a crash dump which will also force the ASA to reload...I would try to either reload the ASA while using SSH or get someone locally at the site to reload the ASA before using this command.  It will not harm your ASA but it is better to reload the ASA properly than having to force it.

crashinfo force watchdog

--

Please remember to select a correct answer and rate helpful posts


hi marius,

SSH is not an option. yes, reload in x and reload at x doesn't work.

is the command crashinfo force watchdog safe?

will i still get a CLI prompt afterwards? have u tried this before?

I have never tried it before.  I just know some people who have.  Yes you will get the CLI prompt afterwards.  What the command does is force the appliance to crash causing it to reboot. Of course it is never good to force a crash so use this as a last resort.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa81/command/ref/refgd/c4.html#wp2127586

If you are going to upgrade the IOS but stay within the 9.1 version then I would recommend upgrading to the latest maintenance release which I believe is 9.1(5).

--

Please remember to select a correct answer and rate helpful posts


hi marius,

the said command works and was able to reboot.

i still can't view the correct show and debug crypto output although my VPN works as per ping from routers behind the ASAs.

perhaps an upgrade is required.

 

# sh reload
No reload is scheduled.
# sh ve

Cisco Adaptive Security Appliance Software Version 9.1(2)
Device Manager Version 7.1(3)

Compiled on Thu 09-May-13 16:20 PDT by builders
System image file is "disk0:/asa912-smp-k8.bin"
Config file at boot was "startup-config"

ASA01 up 1 min 49 secs

 

What are you seeing in the show and debug commands that are not correct?

--

Please remember to select a correct answer and rate helpful posts


IKE phase 1 shows nothing although i can see output on both show conn and show xlate.

# debug crypto ikev1 255  <<< JUST DID A PING ON ROUTERS BEHIND, NOTHING

# sh crypto isa sa

There are no IKEv1 SAs

There are no IKEv2 SAs

 

# sh conn
5 in use, 12 most used
GRE outside RTRA-PE01-Lo2:0 inside  RTRB-PE01-INSIDE:0, idle 0:00:59, bytes 520, flags   
UDP outside  10.20.251.100:389 inside  10.102.5.138:65375, idle 0:00:42, bytes 160, flags -
GRE outside RTRA-PE01-Lo2:0 inside  RTRB-PE01-INSIDE:0, idle 0:00:59, bytes 520, flags  

This does sound like a bug, though I have not been able to find anything that matches exactly what you are describing.  The closest I have come to it is this:

https://tools.cisco.com/bugsearch/bug/CSCui63322

Perhaps an upgrade will solve the issue. Remember to have a rollback plan in case things don't go as planned.

--

Please remember to select a correct answer and rate helpful posts


hi marius,

you recommend ASA code 9.1(5), is it stable?

have u personally used this on your ASAs?

I personally am running 9.1(4) on most of my customer's ASAs. I have not encountered any bugs and do not need any new features which is why I have not upgraded.

The latest maintenance releases will normally be the most stable as these are the ones that have the most bug fixes applied.  It is most often the new minor releases that will have the most bugs (9.1, 9.2, 9.3...etc.)

--

Please remember to select a correct answer and rate helpful posts


hi marius,

cisco suggested 9.1(5) vs the 9.1(4) on their download site.

can i upgrade directly from my current code 9.1(2) to 9.1(5)?

Cisco will almost always (with a few exceptions) recommend the latest maintenance release.

Yes you can upgrade directly to the 9.1(5) version.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/upgrade/upgrade91.html#pgfId-52459

--

Please remember to select a correct answer and rate helpful posts


hi marius,

just performed an upgrade to 9.1(5) and solved the reload and S2S/crypto output issue i was having. just to also add, i remembered the software bug showed some weird static routes that i didn't put when i did a show run route command.

# sh ve

Cisco Adaptive Security Appliance Software Version 9.1(5)
Device Manager Version 7.1(3)

Compiled on Thu 27-Mar-14 10:19 PDT by builders
System image file is "disk0:/asa915-smp-k8.bin"
Config file at boot was "startup-config"

ASA01 up 1 hour 36 mins


# sh flash | i .bin
  110  38191104    Apr 29 2014 14:51:00  asa912-smp-k8.bin
  111  18097844    Apr 29 2014 14:52:20  asdm-713.bin
  123  37822464    Oct 06 2014 19:21:33  asa915-smp-k8.bin


# sh run boot
boot system disk0:/asa915-smp-k8.bin
boot system disk0:/asa912-smp-k8.bin

 

# sh crypto isa sa

IKEv1 SAs:

   Active SA: 1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1

1   IKE Peer: 202.x.x.x
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
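
Added example, not part of the original thread or any Cisco tooling: a small Python check that flags the symptom seen above, where an ASA that is still up and logging keeps dropping IKE phase 1 packets with "Reboot Underway", and then reads show crypto isakmp sa output to confirm the tunnel state after the fix. The sample text is constructed from the output quoted in the thread; the function names and the thresholds (min_hits, min_span_s) are assumptions.

```python
import re
from datetime import datetime

# Constructed sample input, modelled on the debug and show output in the thread.
DEBUG_LINES = """\
# Oct 02 22:37:49 [IKEv1]IP = 202.x.x.x, Reboot Underway... dropping new P1 packet.
Oct 02 22:37:57 [IKEv1]IP = 202.x.x.x, Reboot Underway... dropping new P1 packet.
Oct 02 22:38:05 [IKEv1]IP = 202.x.x.x, Reboot Underway... dropping new P1 packet.
"""
ISAKMP_SA = """\
IKEv1 SAs:
   Active SA: 1
1   IKE Peer: 202.x.x.x
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
"""

DROP_RE = re.compile(
    r"(\w{3} \d{2} \d{2}:\d{2}:\d{2}) \[IKEv1\]IP = ([^,\s]+), Reboot Underway")
PEER_RE = re.compile(r"IKE Peer:\s*(\S+)")
STATE_RE = re.compile(r"State\s*:\s*(\S+)")

def stuck_reload_peers(text, min_hits=3, min_span_s=10):
    """Return {peer: (hits, span_seconds)} for peers whose phase 1 packets keep
    being dropped with 'Reboot Underway' over a sustained period."""
    seen = {}
    for stamp, peer in DROP_RE.findall(text):
        # The log lines carry no year; a fixed leap year is assumed for parsing.
        ts = datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")
        seen.setdefault(peer, []).append(ts)
    flagged = {}
    for peer, times in seen.items():
        span = int((max(times) - min(times)).total_seconds())
        if len(times) >= min_hits and span >= min_span_s:
            flagged[peer] = (len(times), span)
    return flagged

def ike_states(text):
    """Map each IKE peer in 'show crypto isakmp sa' output to its State field."""
    states, peer = {}, None
    for line in text.splitlines():
        m = PEER_RE.search(line)
        if m:
            peer = m.group(1)
        s = STATE_RE.search(line)
        if s and peer:
            states[peer] = s.group(1)
    return states

if __name__ == "__main__":
    print(stuck_reload_peers(DEBUG_LINES))
    print(ike_states(ISAKMP_SA))
```

An empty result from ike_states corresponds to the "There are no IKEv1 SAs" output seen before the upgrade.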

 
