Solved

ASA IOS upgrade

Posted on 2010-11-30
4
1,153 Views
Last Modified: 2012-05-10
am using asa firewall. i want to install netflow analyzer...So its requirement asa ios version mini 8.2.. my ios  8.0  please see below sh version

Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(3)

Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-config"

ASA-SMS up 36 days 1 hour

Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : ¿CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: ¿CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : ¿CNlite-MC-IPSECm-MAIN-2.05
 0: Ext: Ethernet0/0         : address is 0024.14d2.083c, irq 9
 1: Ext: Ethernet0/1         : address is 0024.14d2.083d, irq 9
 2: Ext: Ethernet0/2         : address is 0024.14d2.083e, irq 9
 3: Ext: Ethernet0/3         : address is 0024.14d2.083f, irq 9
 4: Ext: Management0/0       : address is 0024.14d2.0840, irq 11
 5: Int: Not used            : irq 11
 6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 50
Inside Hosts                 : Unlimited
Failover                     : Disabled
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
Security Contexts            : 0
GTP/GPRS                     : Disabled
VPN Peers                    : 250
WebVPN Peers                 : 2
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions            : 2

This platform has a Base license.

Serial Number: JMX1311L14Y
Running Activation Key: 0x2710f762 0x60960500 0xc4007520 0xa084d090 0x05183091
Configuration register is 0x1
Configuration last modified by admin at 10:21:26.090 AST Mon Nov 29 2010

So how to upgrade my ios ? from where i get latest ios ? if i trying to upgrade ios anything happend or effect running configuration ? Please give me solutions and advice ....


 
0
Comment
Question by:nisartlaa
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 34237622
You can only download the ASA image from Cisco.com, and you have to have a valid CCO account with a valid smartnet contract in order to download the images.

Get both the ASA and the ASDM images
I recommend 8.23 for ASA and 6.34 for ASDM
I do not recommend going to 8.3
Using the ASDM upgrade tool, you can upgrade directly from your local PC after you download the images from Cisco. The whole process may take 5 minutes, including the reload. Since you are already on 8.x there should be no changes or affects from the upgrade. Very quick and painless.
0
 

Assisted Solution

by:mayankblitzster
mayankblitzster earned 250 total points
ID: 34237715
First of all, before you touch anything, you should list your configuration using the command:

show config

Print your config to paper, just in case. Your config should stay during the IOS upgrade, but you never know what could happen. You may want to make sure you have console access to the router, as well as the ability to connect to it via the ethernet port. You can temporarily change the address on the ethernet port if you wish by entering:

conf term

At the (config)# prompt select the interface:

int eth0

then

ip address x.x.x.x y.y.y.y

where x is the ip address and y is the subnet mask. Use the earlier show config command so you can set it back when you are done. You could also enter a secondary address instead. Whatever you like.

You can find out what the name of your current flash image is by:

show flash

The next thing you should do is copy your current image (flashimage) up to the TFTP server:

copy flash:flashimage tftp://ipaddress/flashimage

You should see an entry like this in the log of your tftp server:

Receiving 'flashimage' file from x.x.x.x in binary mode

Copy your current image twice if you wish, to different file names, just to be safe. Browse Cisco to be very sure you have the right image. If you load the wrong image of IOS, your router won't work. Pay attention to the amount of RAM your system has, and how much the upgraded IOS needs. IOS 12.2 needs more RAM than 12.0, and Cisco isn't lying about this. When you are happy you have the right image:

delete flashimage
copy tftp://ipaddress/flashimage flash:flashimage

You will be asked if you want to erase the current image. Say yes. When it is done loading, change your eth0 IP if needed, and remove any old boot references:

conf term
no boot system flash oldflashimagename
boot system flash flashimage
exit

Now copy your config:

copy running-config startup-config

Reload, and you are set:

reload

Now, when you reboot all should come up ok. If it doesn't, you will have to use the console port and xmodem to load an image that does work, and this is painful. Here is how to do it.

Pretty much, you just hit ctrl-break (At least with the version of HyperTerminal we used) when the router boots to get into rommon. Minicom or other terminal programs may have different sequences. Try ctrl-c, esc, etc. After you successfully enter rommon, you just:

rommon> xmodem -cf fileimagename

then, from your terminal program, send the file using xmodem. On our 1600, we had to do this at 9600 baud. We couldn't figure out how to change our router to transfer faster than 9600, although we did see some references to how to do it. At 9600 baud, it takes about 50 minutes to reload IOS. After you are done uploading the image, remove the old boot references and copy config to start as above. If all else fails, you could go back to the flash image that you copied via TFTP.



Hope it helps you
0
 
LVL 6

Expert Comment

by:mahrens007
ID: 34244066
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question