Solved

Reload Cisco ASA 5510

Posted on 2009-05-14
Last Modified: 2012-05-07
New ASA 5510.  During an attempt to recover a lost password, ERASE DISK0 was executed.

 How do I recover?  I have the correct BIN files for both the IOS and ASDM and am able to TFTP these files to the ASA 5510.  What do I do after I get them there?  The IOS transfers and appears OK after WRITE MEM.  Do I need to move/copy anywhere else, i.e. flash etc.?  

What about ASDM?  What is the proper place to move it to, DISK0?  Anything after the BIN is moved?  

Obviously I am new to this and find the DISK0, Startup, Flash etc. confusing.

This site has pulled my tail out of the fire numerous times and appreciate each of you....
0
Question by:wwakefield
7 Comments
 
LVL 13

Assisted Solution

by:Quori
Quori earned 100 total points
ID: 24392762
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708d8.shtml

That link has the whole procedure for you. Is a PIX link but will apply to the ASA.
0
 
LVL 8

Accepted Solution

by:
ludo_friend earned 150 total points
ID: 24393037
both asdm and the asa .bin file live on disk0
a write memory should take care of storing the running config as a startup config
you also need to point the config to your asdm image
i.e.
asdm image disk0:/asdm-621.bin

fyi - here is the contents of disk0 of one of my 5520's (few old configs from over the years :))
Result of the command: "sh disk0"

--#--  --length--  -----date/time------  path
  142  5511168     Jan 01 2003 10:06:40  asa707-k8.bin
   79  8192        May 21 2008 07:46:04  crypto_archive
  143  6161700     May 21 2008 07:48:34  asdm-507.bin
  145  14635008    Jul 05 2008 11:32:04  asa803-k8.bin
   75  8192        Jul 05 2008 11:48:52  log
  146  6889764     Jul 07 2008 14:54:42  asdm-602.bin
  147  11348300    May 07 2009 23:36:30  asdm-621.bin
  148  14137344    May 07 2009 23:36:38  asa804-k8.bin

255426560 bytes total (194789376 bytes free)

0
 
LVL 8

Expert Comment

by:ludo_friend
ID: 24393043
^^
fyi - here is the contents of disk0 of one of my 5520's (few old configs from over the years :))
should be
fyi - here is the contents of disk0 of one of my 5520's (few old images from over the years :))
0
 
LVL 6

Author Comment

by:wwakefield
ID: 24408665
-Unable to copy anything to DISK0.

-Booted to ROMMON.  TFTPed asa802-k8.bin while in ROMMON and the system booted to that image.  

-Also, does anyone have the original "out of the box" config I can use to get me started?

-If I boot, nothing has stayed resident.  Even tried copy starting to running


-Although write mem etc., nothing shows on DISK0 except:
--------------------------------------------------------------
ciscoasa(config)# show disk0
--#--  --length--  -----date/time------  path
    2  4096        May 15 2009 13:51:20  log
    6  4096        May 15 2009 13:51:32  crypto_archive

255582208 bytes total (255324160 bytes free)
ciscoasa(config)#
---------------------------------------------------------------

When attempting to COPY TFTP FLASH:
ciscoasa(config)# copy tftp flash

Address or name of remote host [192.168.1.2]?

Source filename [ciscoasa(config)#]? asa802-k8.bin

Destination filename [asa802-k8.bin]?

Accessing tftp://192.168.1.2/asa802-k8.bin...
%Error opening tftp://192.168.1.2/asa802-k8.bin (No such device)
ciscoasa(config)#

--------------------------------------------------------------------------------
Unable to ping the laptop which is set to management interface and static 192.168.1.2

-----------------------------------------------------------
FYI:



ciscoasa(config)# show run
: Saved
:
ASA Version 8.0(2)
!
hostname ciscoas
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1
 shutdown
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
!
ssl encryption rc4-sha1
prompt hostname context
Cryptochecksum:d9fa472ac31a478388836e7ca4000a3d
: end

------------------------------------------------
Results of Show Ver

ciscoasa(config)# show ver

Cisco Adaptive Security Appliance Software Version 8.0(2)

Compiled on Fri 15-Jun-07 19:29 by builders
System image file is "tftp://192.168.1.2/asa802-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 17 mins 21 secs

Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
 0: Ext: Ethernet0/0         : address is 0021.d871.7fac, irq 9
 1: Ext: Ethernet0/1         : address is 0021.d871.7fad, irq 9
 2: Ext: Ethernet0/2         : address is 0021.d871.7fae, irq 9
 3: Ext: Ethernet0/3         : address is 0021.d871.7faf, irq 9
 4: Ext: Management0/0       : address is 0021.d871.7fab, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 50
Inside Hosts                 : Unlimited
Failover                     : Disabled
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
Security Contexts            : 0
GTP/GPRS                     : Disabled
VPN Peers                    : 250
WebVPN Peers                 : 2
Advanced Endpoint Assessment : Disabled

This platform has a Base license.

Serial Number: JMX1234L082
Running Activation Key: 0x843eMASK 0xc488MASK 0xa090MASK 0xac7cMASK 0x852fMASK
Configuration register is 0x1
Configuration last modified by enable_15 at 02:32:34.894 UTC Mon May 18 2009
ciscoasa(config)#
0
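
Added example, not part of the original thread and not Cisco tooling: a Python check that reads pasted "show disk0", "show ver" and running-config text and lists why the ASA would not come back up from disk0 after a reload, which is the TFTP-booted state shown in the comment above. The function names, the "boot system" line and the healthy sample are assumptions constructed for illustration.

```python
import re

# One row of "show disk0": index, length, date/time, path
ROW = re.compile(r"^\s*\d+\s+(\d+)\s+\w{3} \d{2} \d{4} [\d:]{8}\s+(\S+)\s*$")
# Config lines that name an image file on disk0
IMAGE_REF = re.compile(r"^\s*(boot system|asdm image) disk0:/(\S+)", re.M)

def parse_disk0(text):
    """Return {path: length_in_bytes} from 'show disk0' output."""
    return {m.group(2): int(m.group(1))
            for m in map(ROW.match, text.splitlines()) if m}

def check_images(disk0_out, show_ver_out, running_config=""):
    """List reasons the ASA would not come back up from disk0 after a reload."""
    files = parse_disk0(disk0_out)
    findings = []
    booted = re.search(r'System image file is "([^"]+)"', show_ver_out)
    if booted and not booted.group(1).startswith("disk0:"):
        findings.append(f"running image loaded from {booted.group(1)}, not disk0")
    if not any(re.fullmatch(r"asa\d+.*\.bin", f) for f in files):
        findings.append("no asa*.bin system image on disk0")
    if not any(re.fullmatch(r"asdm-\d+.*\.bin", f) for f in files):
        findings.append("no asdm-*.bin image on disk0")
    for cmd, name in IMAGE_REF.findall(running_config):
        if files.get(name, 0) == 0:
            findings.append(f"'{cmd}' points at {name}, missing or empty on disk0")
    return findings

# Constructed samples modelled on the outputs posted in this thread.
ERASED_DISK0 = """\
--#--  --length--  -----date/time------  path
    2  4096        May 15 2009 13:51:20  log
    6  4096        May 15 2009 13:51:32  crypto_archive
"""
ERASED_VER = 'System image file is "tftp://192.168.1.2/asa802-k8.bin"\n'
HEALTHY_DISK0 = """\
--#--  --length--  -----date/time------  path
  147  11348300    May 07 2009 23:36:30  asdm-621.bin
  148  14137344    May 07 2009 23:36:38  asa804-k8.bin
"""
HEALTHY_VER = 'System image file is "disk0:/asa804-k8.bin"\n'
HEALTHY_CFG = "boot system disk0:/asa804-k8.bin\nasdm image disk0:/asdm-621.bin\n"

if __name__ == "__main__":
    for label, args in (("erased", (ERASED_DISK0, ERASED_VER)),
                        ("healthy", (HEALTHY_DISK0, HEALTHY_VER, HEALTHY_CFG))):
        print(label, check_images(*args) or "OK")
```

Comparing each file's length against the size of the copy on the TFTP server is a further check worth doing by hand when a transfer is suspect.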
 
LVL 6

Author Comment

by:wwakefield
ID: 24408669
If I can just get this back to the way it came out of the box, I can get it up.
0
 
LVL 6

Author Comment

by:wwakefield
ID: 24411124
NOTE:  I did try and set the boot image, but since the image does not show on DISK0, I am unable to point to it.
0
 
LVL 6

Author Closing Comment

by:wwakefield
ID: 31589114
Both of your comments validated what I was supposed to see and that I was performing the operations correctly.  Contacted Cisco.  The Cisco TFTP server application I was using did not work correctly.  Replaced TFTP application and loaded the correct files.
0
