Solved

Reload Cisco ASA 5510

Posted on 2009-05-14
Last Modified: 2012-05-07
New ASA 5510.  During an attempt to recover a lost password, ERASE DISK0 was executed.

How do I recover?  I have the correct BIN files for both the IOS and ASDM and am able to TFTP these files to the ASA 5510.  What do I do after I get them there?  The IOS transfers and appears OK after WRITE MEM.  Do I need to move/copy anywhere else, i.e. flash etc.?

What about ASDM?  What is the proper place to move it to, DISK0?  Anything after the BIN is moved?

Obviously I am new to this and find the DISK0, Startup, Flash etc. confusing.

This site has pulled my tail out of the fire numerous times and I appreciate each of you....
Question by:wwakefield
LVL 13

Assisted Solution

by:Quori
Quori earned 100 total points
ID: 24392762
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708d8.shtml

That link has the whole procedure for you. It is a PIX link but will apply to the ASA.
LVL 8

Accepted Solution

by:ludo_friend
ludo_friend earned 150 total points
ID: 24393037
Both ASDM and the ASA .bin file live on disk0.
A write memory should take care of storing the running config as a startup config.
You also need to point the config to your ASDM image,
i.e.
asdm image disk0:/asdm-621.bin

fyi - here is the contents of disk0 of one of my 5520's (few old configs from over the years :))
Result of the command: "sh disk0"

--#--  --length--  -----date/time------  path
  142  5511168     Jan 01 2003 10:06:40  asa707-k8.bin
   79  8192        May 21 2008 07:46:04  crypto_archive
  143  6161700     May 21 2008 07:48:34  asdm-507.bin
  145  14635008    Jul 05 2008 11:32:04  asa803-k8.bin
   75  8192        Jul 05 2008 11:48:52  log
  146  6889764     Jul 07 2008 14:54:42  asdm-602.bin
  147  11348300    May 07 2009 23:36:30  asdm-621.bin
  148  14137344    May 07 2009 23:36:38  asa804-k8.bin

255426560 bytes total (194789376 bytes free)

LVL 8

Expert Comment

by:ludo_friend
ID: 24393043
^^
fyi - here is the contents of disk0 of one of my 5520's (few old configs from over the years :))
should be
fyi - here is the contents of disk0 of one of my 5520's (few old images from over the years :))
LVL 6

Author Comment

by:wwakefield
ID: 24408665
-Unable to copy anything to DISK0.

-Booted to ROMMON.  TFTPed asa802-k8.bin while in ROMMON and the system booted to that image.

-Also, does anyone have the original "out of the box" config I can use to get me started?

-If I boot, nothing has stayed resident.  Even tried copy starting to running.

-Although write mem etc., nothing shows on DISK0 except:
--------------------------------------------------------------
ciscoasa(config)# show disk0
--#--  --length--  -----date/time------  path
    2  4096        May 15 2009 13:51:20  log
    6  4096        May 15 2009 13:51:32  crypto_archive

255582208 bytes total (255324160 bytes free)
ciscoasa(config)#
---------------------------------------------------------------

When I attempt to COPY TFTP FLASH:
ciscoasa(config)# copy tftp flash

Address or name of remote host [192.168.1.2]?

Source filename [ciscoasa(config)#]? asa802-k8.bin

Destination filename [asa802-k8.bin]?

Accessing tftp://192.168.1.2/asa802-k8.bin...
%Error opening tftp://192.168.1.2/asa802-k8.bin (No such device)
ciscoasa(config)#

--------------------------------------------------------------------------------
Unable to ping the laptop which is set to management interface and static 192.168.1.2.

-----------------------------------------------------------
FYI:



ciscoasa(config)# show run
: Saved
:
ASA Version 8.0(2)
!
hostname ciscoas
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1
 shutdown
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
!
ssl encryption rc4-sha1
prompt hostname context
Cryptochecksum:d9fa472ac31a478388836e7ca4000a3d
: end

------------------------------------------------
Results of show ver

ciscoasa(config)# show ver

Cisco Adaptive Security Appliance Software Version 8.0(2)

Compiled on Fri 15-Jun-07 19:29 by builders
System image file is "tftp://192.168.1.2/asa802-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 17 mins 21 secs

Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
 0: Ext: Ethernet0/0         : address is 0021.d871.7fac, irq 9
 1: Ext: Ethernet0/1         : address is 0021.d871.7fad, irq 9
 2: Ext: Ethernet0/2         : address is 0021.d871.7fae, irq 9
 3: Ext: Ethernet0/3         : address is 0021.d871.7faf, irq 9
 4: Ext: Management0/0       : address is 0021.d871.7fab, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 50
Inside Hosts                 : Unlimited
Failover                     : Disabled
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
Security Contexts            : 0
GTP/GPRS                     : Disabled
VPN Peers                    : 250
WebVPN Peers                 : 2
Advanced Endpoint Assessment : Disabled

This platform has a Base license.

Serial Number: JMX1234L082
Running Activation Key: 0x843eMASK 0xc488MASK 0xa090MASK 0xac7cMASK 0x852fMASK
Configuration register is 0x1
Configuration last modified by enable_15 at 02:32:34.894 UTC Mon May 18 2009
ciscoasa(config)#
LVL 6

Author Comment

by:wwakefield
ID: 24408669
If I can just get this back to the way it came out of the box, I can get it up.
LVL 6

Author Comment

by:wwakefield
ID: 24411124
NOTE:  I did try and set the boot image, but since the image does not show on DISK0, I am unable to point to it.
LVL 6

Author Closing Comment

by:wwakefield
ID: 31589114
Both of your comments validated what I was supposed to see and that I was performing the operations correctly.  Contacted Cisco.  The Cisco TFTP server application I was using did not work correctly.  Replaced TFTP application and loaded the correct files.
0
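
A pre-reload check built on the listings in this thread, added here as an example and not code from any poster or from Cisco: it parses "show disk0" output and confirms that the "boot system" and "asdm image" statements described in the accepted answer point at files that are actually on disk0, which is the condition the author's later note ran into. The function names, the CONFIG lines and the handling of flash: as disk0: are assumptions of this example.

```python
import re

# One row of 'show disk0': index, length, date/time, path (layout as in the thread).
ROW = re.compile(r"^\s*\d+\s+(\d+)\s+\w{3} \d{2} \d{4} [\d:]{8}\s+(\S+)\s*$")
# Config statements that name an image file; flash: is treated as disk0: here (assumption).
REF = re.compile(r"^\s*(boot system|asdm image)\s+(?:disk0|flash):/(\S+)\s*$")

def parse_disk0(text):
    """Return {path: length_in_bytes} from 'show disk0' output."""
    return {m.group(2): int(m.group(1))
            for m in map(ROW.match, text.splitlines()) if m}

def check_reload_ready(show_disk0, config, show_ver=""):
    """Return reasons the box would not boot its own images after a reload."""
    files = parse_disk0(show_disk0)
    problems = []
    for line in config.splitlines():
        m = REF.match(line)
        if m and files.get(m.group(2), 0) == 0:
            problems.append(f"{m.group(1)}: {m.group(2)} missing or empty on disk0")
    if not any(re.fullmatch(r"asa.*\.bin", name) for name in files):
        problems.append("no asa*.bin image on disk0")
    if 'System image file is "tftp://' in show_ver:
        problems.append("running image was loaded over TFTP, not from disk0")
    return problems

# Listings taken from the thread (trimmed); CONFIG lines are constructed.
POPULATED = """--#--  --length--  -----date/time------  path
  147  11348300    May 07 2009 23:36:30  asdm-621.bin
  148  14137344    May 07 2009 23:36:38  asa804-k8.bin
255426560 bytes total (194789376 bytes free)"""
ERASED = """--#--  --length--  -----date/time------  path
    2  4096        May 15 2009 13:51:20  log
    6  4096        May 15 2009 13:51:32  crypto_archive
255582208 bytes total (255324160 bytes free)"""
CONFIG = "boot system disk0:/asa804-k8.bin\nasdm image disk0:/asdm-621.bin\n"
SHOW_VER = 'System image file is "tftp://192.168.1.2/asa802-k8.bin"'

if __name__ == "__main__":
    print(check_reload_ready(POPULATED, CONFIG))            # healthy case
    for p in check_reload_ready(ERASED, CONFIG, SHOW_VER):  # erased-flash case
        print("PROBLEM:", p)
```

An empty result means every image the configuration names is present on disk0; any entry is worth resolving before the next reload.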
