Solved

Reload Cisco ASA 5510

Posted on 2009-05-14
Last Modified: 2012-05-07
New ASA 5510.  During an attempt to recover a lost password, ERASE DISK0 was executed.

How do I recover?  I have the correct BIN files for both the IOS and ASDM and am able to TFTP these files to the ASA 5510.  What do I do after I get them there?  The IOS transfers and appears OK after WRITE MEM.  Do I need to move/copy anywhere else, i.e. flash etc.?

What about ASDM?  What is the proper place to move it to, DISK0?  Anything after the BIN is moved?  

Obviously I am new to this and find the DISK0, Startup, Flash etc. confusing.

This site has pulled my tail out of the fire numerous times and I appreciate each of you....
Question by:wwakefield
LVL 13

Assisted Solution

by:Quori
Quori earned 100 total points
ID: 24392762
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708d8.shtml

That link has the whole procedure for you. It is a PIX link but will apply to the ASA.
 
LVL 8

Accepted Solution

by:
ludo_friend earned 150 total points
ID: 24393037
both asdm and the asa .bin file live on disk0
a write memory should take care of storing the running config as a startup config
you also need to point the config to your asdm image
i.e.
asdm image disk0:/asdm-621.bin

fyi - here is the contents of disk0 of one of my 5520's (few old configs from over the years :))
Result of the command: "sh disk0"

--#--  --length--  -----date/time------  path
  142  5511168     Jan 01 2003 10:06:40  asa707-k8.bin
   79  8192        May 21 2008 07:46:04  crypto_archive
  143  6161700     May 21 2008 07:48:34  asdm-507.bin
  145  14635008    Jul 05 2008 11:32:04  asa803-k8.bin
   75  8192        Jul 05 2008 11:48:52  log
  146  6889764     Jul 07 2008 14:54:42  asdm-602.bin
  147  11348300    May 07 2009 23:36:30  asdm-621.bin
  148  14137344    May 07 2009 23:36:38  asa804-k8.bin

255426560 bytes total (194789376 bytes free)

 
LVL 8

Expert Comment

by:ludo_friend
ID: 24393043
^^
fyi - here is the contents of disk0 of one of my 5520's (few old configs from over the years :))
should be
fyi - here is the contents of disk0 of one of my 5520's (few old images from over the years :))
 
LVL 6

Author Comment

by:wwakefield
ID: 24408665
-Unable to copy anything to DISK0.

-Booted to ROMMON.  TFTPed asa802-k8.bin while in ROMMON and the system booted to that image.

-Also, does anyone have the original "out of the box" config I can use to get me started?

-If I boot, nothing has stayed resident.  Even tried copy starting to running


-Although write mem etc., nothing shows on DISK0 except:
--------------------------------------------------------------
ciscoasa(config)# show disk0
--#--  --length--  -----date/time------  path
    2  4096        May 15 2009 13:51:20  log
    6  4096        May 15 2009 13:51:32  crypto_archive

255582208 bytes total (255324160 bytes free)
ciscoasa(config)#
---------------------------------------------------------------

When attempting to COPY TFTP FLASH:
ciscoasa(config)# copy tftp flash

Address or name of remote host [192.168.1.2]?

Source filename [ciscoasa(config)#]? asa802-k8.bin

Destination filename [asa802-k8.bin]?

Accessing tftp://192.168.1.2/asa802-k8.bin...
%Error opening tftp://192.168.1.2/asa802-k8.bin (No such device)
ciscoasa(config)#

--------------------------------------------------------------------------------
Unable to ping the laptop which is set to management interface and static 192.168.1.2

-----------------------------------------------------------
FYI:



ciscoasa(config)# show run
: Saved
:
ASA Version 8.0(2)
!
hostname ciscoas
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1
 shutdown
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
!
ssl encryption rc4-sha1
prompt hostname context
Cryptochecksum:d9fa472ac31a478388836e7ca4000a3d
: end

------------------------------------------------
Results of show ver

ciscoasa(config)# show ver

Cisco Adaptive Security Appliance Software Version 8.0(2)

Compiled on Fri 15-Jun-07 19:29 by builders
System image file is "tftp://192.168.1.2/asa802-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 17 mins 21 secs

Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
 0: Ext: Ethernet0/0         : address is 0021.d871.7fac, irq 9
 1: Ext: Ethernet0/1         : address is 0021.d871.7fad, irq 9
 2: Ext: Ethernet0/2         : address is 0021.d871.7fae, irq 9
 3: Ext: Ethernet0/3         : address is 0021.d871.7faf, irq 9
 4: Ext: Management0/0       : address is 0021.d871.7fab, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 50
Inside Hosts                 : Unlimited
Failover                     : Disabled
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
Security Contexts            : 0
GTP/GPRS                     : Disabled
VPN Peers                    : 250
WebVPN Peers                 : 2
Advanced Endpoint Assessment : Disabled

This platform has a Base license.

Serial Number: JMX1234L082
Running Activation Key: 0x843eMASK 0xc488MASK 0xa090MASK 0xac7cMASK 0x852fMASK
Configuration register is 0x1
Configuration last modified by enable_15 at 02:32:34.894 UTC Mon May 18 2009
ciscoasa(config)#
0
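A check to run over captured `show disk0` and `show run` text before a reload, given here as an added example that is not part of the thread and not Cisco tooling: it lists image pointers whose file is absent from disk0 and reports the state of the interface that faces the TFTP server. The function names are hypothetical, the sample text is constructed in the format of the outputs quoted above, and the `boot system` line is an assumed config entry that does not appear in the posted `show run`.

```python
import ipaddress
import re

# Constructed sample input in the format of the outputs quoted in the thread.
SHOW_DISK0 = """\
--#--  --length--  -----date/time------  path
    2  4096        May 15 2009 13:51:20  log
    6  4096        May 15 2009 13:51:32  crypto_archive
"""
SHOW_RUN = """\
interface Management0/0
 shutdown
 nameif management
 ip address 192.168.1.1 255.255.255.0
!
boot system disk0:/asa802-k8.bin
asdm image disk0:/asdm-621.bin
"""

def disk_files(show_disk):
    """Return {path: length} parsed from the rows of a 'show disk0' listing."""
    row = re.compile(r"^\s*\d+\s+(\d+)\s+\w{3} \d{2} \d{4} [\d:]{8}\s+(\S+)\s*$")
    return {m.group(2): int(m.group(1))
            for m in map(row.match, show_disk.splitlines()) if m}

def missing_images(show_run, files):
    """List config pointers whose disk0:/ target is not in the listing."""
    ptr = re.compile(r"^(boot system|asdm image) disk0:/(\S+)", re.M)
    return [f"{kind} -> {name}" for kind, name in ptr.findall(show_run)
            if name not in files]

def path_to_server(show_run, server):
    """Find the interface whose subnet holds the server and report its state."""
    for block in show_run.split("!"):  # sections are separated by '!' lines
        name = re.search(r"^interface (\S+)", block, re.M)
        addr = re.search(r"^ ip address (\S+) (\S+)", block, re.M)
        if not (name and addr):
            continue  # not an interface, or 'no ip address'
        net = ipaddress.ip_network(f"{addr.group(1)}/{addr.group(2)}", strict=False)
        if ipaddress.ip_address(server) in net:
            down = re.search(r"^ shutdown$", block, re.M) is not None
            return name.group(1), "shutdown" if down else "up"
    return None, "no connected subnet"

if __name__ == "__main__":
    files = disk_files(SHOW_DISK0)
    print("missing images:", missing_images(SHOW_RUN, files))
    print("TFTP path:", path_to_server(SHOW_RUN, "192.168.1.2"))
```
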
 
LVL 6

Author Comment

by:wwakefield
ID: 24408669
If I can just get this back to the way it came out of the box, I can get it up.
 
LVL 6

Author Comment

by:wwakefield
ID: 24411124
NOTE:  I did try and set the boot image, but since the image does not show on DISK0, I am unable to point to it.
 
LVL 6

Author Closing Comment

by:wwakefield
ID: 31589114
Both of your comments validated what I was supposed to see and that I was performing the operations correctly.  Contacted Cisco.  The Cisco TFTP server application I was using did not work correctly.  Replaced TFTP application and loaded the correct files.