ASA Keep booting to ROMMON

I upgraded the ASA and ASDM to latest 8.4(3) and after that it keep boots to ROMMON.

If i type 'boot' it will boot correctly defaults setting. However it will go to ROMMON if it reload. I pointed to boot from the bin image it does not help.

Process shutdown finished
Rebooting.....

CISCO SYSTEMS
Embedded BIOS Version 1.0(12)13 08/28/08 15:50:37.45

Low Memory: 632 KB
High Memory: 507 MB
PCI Device Table.
Bus Dev Func VendID DevID Class              Irq
 00  01  00   1022   2080  Host Bridge
 00  01  02   1022   2082  Chipset En/Decrypt 11
 00  0C  00   1148   4320  Ethernet           11
 00  0D  00   177D   0003  Network En/Decrypt 10
 00  0F  00   1022   2090  ISA Bridge
 00  0F  02   1022   2092  IDE Controller
 00  0F  03   1022   2093  Audio              10
 00  0F  04   1022   2094  Serial Bus         9
 00  0F  05   1022   2095  Serial Bus         9

Evaluating BIOS Options ...
Launch BIOS Extension to setup ROMMON

Cisco Systems ROMMON Version (1.0(12)13) #0: Thu Aug 28 15:55:27 PDT 2008

Platform ASA5505
Ethernet0/0
MAC Address: 0007.7d00.6247
Link is UP

Use ? for help.

rommon #0> boot
Launching BootLoader...
Boot configuration file contains 1 entry.


Loading disk0:/asa843-k8.bin... Booting...
Platform ASA5505

Loading...
IO memory blocks requested from bigphys 32bit: 9672
?dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.
/dev/hda1: 124 files, 55493/62844 clusters
dosfsck(/dev/hda1) returned 0
Processor memory 348127232, Reserved memory: 62914560

Total SSMs found: 0

Total NICs found: 10
88E6095 rev 2 Gigabit Ethernet @ index 09 MAC: 0000.0003.0002
88E6095 rev 2 Ethernet @ index 08 MAC: 0007.7d00.6246
88E6095 rev 2 Ethernet @ index 07 MAC: 0007.7d00.6245
88E6095 rev 2 Ethernet @ index 06 MAC: 0007.7d00.6244
88E6095 rev 2 Ethernet @ index 05 MAC: 0007.7d00.6243
88E6095 rev 2 Ethernet @ index 04 MAC: 0007.7d00.6242
88E6095 rev 2 Ethernet @ index 03 MAC: 0007.7d00.6241
88E6095 rev 2 Ethernet @ index 02 MAC: 0007.7d00.6240
88E6095 rev 2 Ethernet @ index 01 MAC: 0007.7d00.623f
y88acs06 rev16 Gigabit Ethernet @ index 00 MAC: 0007.7d00.6247
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode        : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode     : CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode       : CNlite-MC-IPSECm-MAIN-2.06
Verify the activation-key, it might take a while...
Running Permanent Activation Key: 0xc919c65f 0xf812b810 0xf43125c8 0xa68ca47c 0x0c35069b

Licensed features for this platform:
Maximum Physical Interfaces       : 8              perpetual
...
Intercompany Media Engine         : Disabled       perpetual

This platform has an ASA 5505 Security Plus license.

Ignoring startup configuration as instructed by configuration register.

INFO: MIGRATION - Saving the startup errors to file 'flash:upgrade_startup_errors_201208292337.log'
Type help or '?' for a list of available commands.

ciscoasa> sh flash
--#--  --length--  -----date/time------  path
   34  2068        Aug 29 2012 23:33:36  run0828.cfg
   35  17902288    Aug 27 2012 21:04:42  asdm-647.bin
   13  2048        Jun 04 2011 08:04:30  coredumpinfo
   14  59          Aug 27 2012 22:57:48  coredumpinfo/coredump.cfg
   36  19706880    Aug 27 2012 23:14:16  disk0
    2  2048        Jun 04 2011 08:06:44  log
    5  2048        Jun 04 2011 08:06:52  crypto_archive
   38  25196544    Aug 27 2012 21:16:22  asa843-k8.bin
   39  12998641    Jun 04 2011 08:10:28  csd_3.5.2008-k9.pkg
   40  2048        Jun 04 2011 08:10:30  sdesktop
   48  0           Jun 04 2011 08:10:30  sdesktop/data.xml
   41  6487517     Jun 04 2011 08:10:32  anyconnect-macosx-i386-2.5.2014-k9.pkg
   42  6689498     Jun 04 2011 08:10:34  anyconnect-linux-2.5.2014-k9.pkg
   43  4678691     Jun 04 2011 08:10:36  anyconnect-win-2.5.2014-k9.pkg
   44  19706880    Aug 29 2012 23:14:28  asdm-649-103.bin
   45  100         Aug 29 2012 23:29:10  upgrade_startup_errors_201208292329.log
   19  100         Aug 29 2012 23:37:34  upgrade_startup_errors_201208292337.log
   46  1902        Aug 27 2012 21:16:28  oldconfig_2012Aug28_0521.cfg
   47  0           Aug 27 2012 23:20:34  nat_ident_migrate

ciscoasa> sh disk0
--#--  --length--  -----date/time------  path
   34  2068        Aug 29 2012 23:33:36  run0828.cfg
   35  17902288    Aug 27 2012 21:04:42  asdm-647.bin
   13  2048        Jun 04 2011 08:04:30  coredumpinfo
   14  59          Aug 27 2012 22:57:48  coredumpinfo/coredump.cfg
   36  19706880    Aug 27 2012 23:14:16  disk0
    2  2048        Jun 04 2011 08:06:44  log
    5  2048        Jun 04 2011 08:06:52  crypto_archive
   38  25196544    Aug 27 2012 21:16:22  asa843-k8.bin
   39  12998641    Jun 04 2011 08:10:28  csd_3.5.2008-k9.pkg
   40  2048        Jun 04 2011 08:10:30  sdesktop
   49  0           Jun 04 2011 08:10:30  sdesktop/data.xml
   41  6487517     Jun 04 2011 08:10:32  anyconnect-macosx-i386-2.5.2014-k9.pkg
   42  6689498     Jun 04 2011 08:10:34  anyconnect-linux-2.5.2014-k9.pkg
   43  4678691     Jun 04 2011 08:10:36  anyconnect-win-2.5.2014-k9.pkg
   44  19706880    Aug 29 2012 23:14:28  asdm-649-103.bin
   45  100         Aug 29 2012 23:29:10  upgrade_startup_errors_201208292329.log
   19  100         Aug 29 2012 23:37:34  upgrade_startup_errors_201208292337.log
   46  1902        Aug 27 2012 21:16:28  oldconfig_2012Aug28_0521.cfg
   47  0           Aug 27 2012 23:20:34  nat_ident_migrate


BOOT variable = disk0:/asa843-k8.bin
Current BOOT variable =
CONFIG_FILE variable = disk0:/run0828.cfg
Current CONFIG_FILE variable = disk0:/run0828.cfg

 sh ver

Cisco Adaptive Security Appliance Software Version 8.4(3)
Device Manager Version 6.4(7)

Compiled on Fri 06-Jan-12 10:24 by builders
System image file is "disk0:/asa843-k8.bin"
Config file at boot was "disk0:/run0828.cfg"

Open in new window

LVL 21
MazdajaiAsked:
Who is Participating?
 
gfilipeCommented:
Hi,

Probably your forgot to add password. Enter with ena

configure terminal
 
copy startup-config running-config
 
Destination filename [running-config]? Y
 
enable password NewPassword
 
config-register 0x1

Reboot to check if ok.
Let us know if this solved the issue.

Regards,
GFilipe
0
 
Pete LongTechnical ConsultantCommented:
Boot the firewall

go to enable mode

go to configure terminal mode

ciscoasa(config)# boot system disk0:/asa843-k8.bin {enter}

wr mem {Enter}
0
 
MazdajaiAuthor Commented:
Looks like adding the enable pw did the trick, is it the default behavior?

Don't remember seeing this before, may be I upgraded the asa recently.
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

 
gfilipeCommented:
Hi Mazdajai,

Yes, indeed that is the default behavior if no pw is setup in ASA.

Glad to know that solved the issue.

Regards,
Gfilipe
0
 
MazdajaiAuthor Commented:
I have another 5505 which I am going to find that out. I don't remember seeing this before when I first work on it.


http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/start.html

Step 4 Enter the enable password at the prompt.

By default, the password is blank, and you can press the Enter key to continue. See the "Changing the Enable Password" section on page 8-1 to change the enable password.
The prompt changes to: 

Open in new window

0
 
MazdajaiAuthor Commented:
ASA boots to ROMMON with no enable password
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.