Solved

How do I configure a Cisco ASA 5505 to boot automatically?

Posted on 2008-10-01
28
4,013 Views
Last Modified: 2013-11-16
A small business that I help with their network recently added a Cisco ASA 5505 to their network. When running, it is performing great, but anytime they lose power, or the box gets powered down, it will not boot back up. I have to connect a console cable and boot it manually. I'm assuming there are commands I can use to tell it what config file to use when it boots, but I'm not familiar enough with Cisco products to know them. Can anyone let me know what I need to do, or point me in the right direction?

Thanks.
Question by:eric281
28 Comments
 
LVL 4

Expert Comment

by:Dimarc67
ID: 22616380
Does your configuration include the "boot system disk0" commands?

Post your config (scrubbed), if you can.
0
 

Author Comment

by:eric281
ID: 22616416
I don't have a copy of the config with me, and I was hoping to know what to look for when I get to the location. Barring that, I will go out and manually boot it today and grab a copy of the config to post tonight.
0
 
LVL 4

Expert Comment

by:Dimarc67
ID: 22616461
Definitely look for the "boot system disk0:" command line.  It should be followed by the software file name, or perhaps simply be "boot system flash" if it's the only file there.

See:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/b.html#wp1355786
0
 
LVL 32

Expert Comment

by:harbor235
ID: 22616877

diskX: is for external flash, the ASA will boot with no boot system commands the first image in internal flash. When you boot manually where do you tell it to boot from?

What does "show flash:" show? Are there any boot system commands referencing non-existent images?

harbor235 ;}
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22616912
It will read like this:
boot system disk0:/asa804-k8.bin
Additionally, you should use the ASDM image command as well if you want the ASDM to work.
asdm image disk0:/asdm-613.bin
Make sure you replace the numbers in those commands with the numbers of your actual image files.
You can check those numbers by running the command show flash
Cheers! I hope that helps!
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22616936
BTW - if you have multiple images in flash, then sometimes the ASA will pick the wrong one to boot from or ask you which one to boot - the fix is the boot system command I just posted. That will ensure the right image is loaded every time. Same with the ASDM. Also, make sure you update those commands when you upgrade the software or it will just keep booting from the old version if the .bin file (image) is present.
0
 
LVL 32

Expert Comment

by:harbor235
ID: 22617063

Sure, it helps rehashing what everyone else has already said or what Dimarc67 posted via url.
lol

harbor235 ;}
0
 

Author Comment

by:eric281
ID: 22617322
Both lines are there with correct ver #'s. Just stops at rommon and I type in boot and everything works. What next?
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22617352
That's weird... can you please post a copy of your config and sh flash?
0
 
LVL 32

Expert Comment

by:harbor235
ID: 22617391
both lines, you mean there are two "boot system commands" ? or there are two images in flash?

If there are two images then perhaps the first has a problem, when it boots which one is running?

If there are two boot system commands then perhaps the first references a bad image or bad location
what are the boot system commands? what order are they in flash top to bottom


harbor235 ;}
0
 

Author Comment

by:eric281
ID: 22617422
One boot line, one asdm line. Only one file of each type. I deleted the entry and tried to add it back in the gui and it says "Not a valid configuration file"
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22617577
By GUI you mean the ASDM I suppose? Just add it with command line.
0
 

Author Comment

by:eric281
ID: 22617604
Doing it from cli adds it, but still won't boot
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22617736
Sounds like the boot system config entry is pointing to a non-existent file.
Try just removing the line completely and letting it boot into the only valid image it can find.
0
 

Author Comment

by:eric281
ID: 22617791
Tried that, and tried renaming it and adding the new name/deleting the old line. Still stops at rommon and starts up with just "boot"
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 22617879
Try the config-register command, combined with *no* boot system config entry
config-register 0x1
0
 
LVL 4

Expert Comment

by:Dimarc67
ID: 22617910
Just for reference, I just checked my own ASA 5510 which was installed and configured only a month ago.  It shows the boot line...TWICE, with the same file name on both lines.  Don't know if that helps at all, but I thought I'd mention it.
0
 

Author Comment

by:eric281
ID: 22618020
Didn't have internet while onsite, back at my office now, so pasting config now.
show info: (from rommon prompt)

Cisco Systems ROMMON Version (1.0(12)6) #0: Mon Aug 21 19:34:06 PDT 2006

Platform Identification and Boot Information:
         Controller Type: 0x0520
           Platform Name: ASA5505
  Configuration Register: 0x00002100

Interface Device Information:
  Ethernet0/0: Y88ACS06, PCI: bus-0, slot-12, fct-0, rev-16, irq-11
  Ethernet0/1: Y88ACS06, PCI: bus-0, slot-12, fct-0, rev-16, irq-11
  Ethernet0/2: Y88ACS06, PCI: bus-0, slot-12, fct-0, rev-16, irq-11
  Ethernet0/3: Y88ACS06, PCI: bus-0, slot-12, fct-0, rev-16, irq-11
  Ethernet0/4: Y88ACS06, PCI: bus-0, slot-12, fct-0, rev-16, irq-11
  Ethernet0/5: Y88ACS06, PCI: bus-0, slot-12, fct-0, rev-16, irq-11
  Ethernet0/6: Y88ACS06, PCI: bus-0, slot-12, fct-0, rev-16, irq-11
  Ethernet0/7: Y88ACS06, PCI: bus-0, slot-12, fct-0, rev-16, irq-11

ROMMON Variable Settings:
  ADDRESS=0.0.0.0
  SERVER=0.0.0.0
  GATEWAY=0.0.0.0
  PORT=Ethernet0/0
  VLAN=untagged
  IMAGE=
  CONFIG=
  LINKTIMEOUT=20
  PKTTIMEOUT=4
  RETRY=20

rommon #5>

---------------------------

vpn> show flash:
--#--  --length--  -----date/time------  path
    2  4096        Aug 20 2008 06:42:28  log
   71  4181246     Jul 09 2008 03:44:08  securedesktop-asa-3.2.1.103-k9.pkg
   72  398305      Jul 09 2008 03:44:26  sslclient-win-1.1.0.154.pkg
   73  6889764     Aug 20 2008 06:08:36  asdm-524.bin
    6  4096        Sep 29 2008 16:29:54  crypto_archive
   79  393696      Sep 29 2008 16:29:54  crypto_archive/crypto_arch_1.bin
   75  14524416    Aug 20 2008 04:30:40  asa802-k8.bin
   76  8515584     Aug 20 2008 04:19:28  asa724-k8.bak
   77  2635734     Aug 20 2008 08:59:22  anyconnect-win-2.0.0343-k9.pkg
   78  89          Aug 22 2008 05:22:34  dap.xml

127111168 bytes total (89219072 bytes free)

vpn> show disk0:
--#--  --length--  -----date/time------  path
    2  4096        Aug 20 2008 06:42:28  log
   71  4181246     Jul 09 2008 03:44:08  securedesktop-asa-3.2.1.103-k9.pkg
   72  398305      Jul 09 2008 03:44:26  sslclient-win-1.1.0.154.pkg
   73  6889764     Aug 20 2008 06:08:36  asdm-524.bin
    6  4096        Sep 29 2008 16:29:54  crypto_archive
   80  393696      Sep 29 2008 16:29:54  crypto_archive/crypto_arch_1.bin
   75  14524416    Aug 20 2008 04:30:40  asa802-k8.bin
   76  8515584     Aug 20 2008 04:19:28  asa724-k8.bak
   77  2635734     Aug 20 2008 08:59:22  anyconnect-win-2.0.0343-k9.pkg
   78  89          Aug 22 2008 05:22:34  dap.xml

127111168 bytes total (89219072 bytes free)

-----------------------------

show conf (I think these are the relevant parts, if I need to paste more I can.)

.
.
.
.
boot system disk0:/asa802-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
.
.
.
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
.
.
.

-------------------------

vpn(config)# show boot

BOOT variable = disk0:/asa802-k8.bin
Current BOOT variable = disk0:/asa802-k8.bin
CONFIG_FILE variable =
Current CONFIG_FILE variable =
vpn(config)#

-------------------------

0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22618055
Yes - the configuration register can affect that. Let us know if that works.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22618074
DiMarc67 - you should probably fix that. It's not supposed to be that way. lol
0
 

Author Comment

by:eric281
ID: 22618127
So looking at the config-register command and the table.. it looks like mine tries to boot from a tftp server, then stops when it doesn't find it. 0x1 should just make it boot from the first available image correct? Just trying to understand the commands instead of typing them in like a monkey. Once I run that command, will I need to sync?
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22618160
Yes, that should make it work. What do you mean by sync?
0
 

Author Comment

by:eric281
ID: 22618174
I was under the impression that there was some sort of sync command you had to use at rommon to save the settings once you use config-register.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22618207
oh no - you just reload the device after you change it.
:)
0
 
LVL 4

Expert Comment

by:Dimarc67
ID: 22618256
Oops.  I was wrong.  My ASA 5510 shows two boot commands, but the two files are different.  I'm showing:

boot system disk0:/asa804-k8.bin
boot system disk0:/asa803-k8.bin

Mine is not usually a "leave well enough alone" attitude, but in this case, it's working fine so I ain't touchin' it.  I only wanted to add what I'm seeing here in case it helps out Eric at all.
0
 

Author Comment

by:eric281
ID: 22618277
Ok, and just for clarification, I do run the config-register command from rommon, correct?
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22618304
yes
config-register 0x1
0
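
Added example, not part of the original thread or any participant's post: the two checks the thread works through (do the boot system / asdm image lines point at files that exist in flash, and is the configuration register the 0x1 given in the accepted solution) scripted in Python over captured console output. The sample text is constructed by abbreviating the output posted above, and the function names are hypothetical.

```python
import re

# Constructed sample input, abbreviated from the output posted in this thread.
ROMMON_INFO = "  Platform Name: ASA5505\n  Configuration Register: 0x00002100\n"
SHOW_FLASH = """\
--#--  --length--  -----date/time------  path
   73  6889764     Aug 20 2008 06:08:36  asdm-524.bin
   75  14524416    Aug 20 2008 04:30:40  asa802-k8.bin
   76  8515584     Aug 20 2008 04:19:28  asa724-k8.bak
"""
SHOW_CONF = "boot system disk0:/asa802-k8.bin\nasdm image disk0:/asdm-524.bin\n"
EXPECTED_CONFREG = 0x1  # the value given in the accepted solution

def flash_files(show_flash):
    """Return the set of paths listed by 'show flash:' (header lines are skipped)."""
    files = set()
    for line in show_flash.splitlines():
        m = re.match(r"\s*\d+\s+\d+\s+\w{3} \d{2} \d{4} [\d:]{8}\s+(\S+)", line)
        if m:
            files.add(m.group(1))
    return files

def config_register(rommon_info):
    """Return the register from ROMMON 'show info' as an int, or None if absent."""
    m = re.search(r"Configuration Register:\s*(0x[0-9a-fA-F]+)", rommon_info)
    return int(m.group(1), 16) if m else None

def referenced_images(show_conf):
    """Return (command, filename) for each boot system / asdm image line on disk0:."""
    return re.findall(r"^(boot system|asdm image) disk0:/(\S+)$", show_conf, re.M)

def audit(rommon_info, show_flash, show_conf):
    """Collect findings that would explain an appliance stopping at the rommon prompt."""
    findings = []
    reg = config_register(rommon_info)
    if reg is None:
        findings.append("configuration register not found in ROMMON output")
    elif reg != EXPECTED_CONFREG:
        findings.append(f"configuration register is {reg:#x}, expected {EXPECTED_CONFREG:#x}")
    present = flash_files(show_flash)
    for command, name in referenced_images(show_conf):
        if name not in present:
            findings.append(f"'{command}' points to {name}, which is not in flash")
    return findings

if __name__ == "__main__":
    for finding in audit(ROMMON_INFO, SHOW_FLASH, SHOW_CONF):
        print("FINDING:", finding)
```

Run against the values from this thread, the image references check out and only the register is flagged, which matches how the problem was resolved.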
