Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

ASA Keep booting to ROMMON

Posted on 2012-08-30
6
Medium Priority
?
3,925 Views
Last Modified: 2012-09-19
I upgraded the ASA and ASDM to latest 8.4(3) and after that it keep boots to ROMMON.

If i type 'boot' it will boot correctly defaults setting. However it will go to ROMMON if it reload. I pointed to boot from the bin image it does not help.

Process shutdown finished
Rebooting.....

CISCO SYSTEMS
Embedded BIOS Version 1.0(12)13 08/28/08 15:50:37.45

Low Memory: 632 KB
High Memory: 507 MB
PCI Device Table.
Bus Dev Func VendID DevID Class              Irq
 00  01  00   1022   2080  Host Bridge
 00  01  02   1022   2082  Chipset En/Decrypt 11
 00  0C  00   1148   4320  Ethernet           11
 00  0D  00   177D   0003  Network En/Decrypt 10
 00  0F  00   1022   2090  ISA Bridge
 00  0F  02   1022   2092  IDE Controller
 00  0F  03   1022   2093  Audio              10
 00  0F  04   1022   2094  Serial Bus         9
 00  0F  05   1022   2095  Serial Bus         9

Evaluating BIOS Options ...
Launch BIOS Extension to setup ROMMON

Cisco Systems ROMMON Version (1.0(12)13) #0: Thu Aug 28 15:55:27 PDT 2008

Platform ASA5505
Ethernet0/0
MAC Address: 0007.7d00.6247
Link is UP

Use ? for help.

rommon #0> boot
Launching BootLoader...
Boot configuration file contains 1 entry.


Loading disk0:/asa843-k8.bin... Booting...
Platform ASA5505

Loading...
IO memory blocks requested from bigphys 32bit: 9672
?dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.
/dev/hda1: 124 files, 55493/62844 clusters
dosfsck(/dev/hda1) returned 0
Processor memory 348127232, Reserved memory: 62914560

Total SSMs found: 0

Total NICs found: 10
88E6095 rev 2 Gigabit Ethernet @ index 09 MAC: 0000.0003.0002
88E6095 rev 2 Ethernet @ index 08 MAC: 0007.7d00.6246
88E6095 rev 2 Ethernet @ index 07 MAC: 0007.7d00.6245
88E6095 rev 2 Ethernet @ index 06 MAC: 0007.7d00.6244
88E6095 rev 2 Ethernet @ index 05 MAC: 0007.7d00.6243
88E6095 rev 2 Ethernet @ index 04 MAC: 0007.7d00.6242
88E6095 rev 2 Ethernet @ index 03 MAC: 0007.7d00.6241
88E6095 rev 2 Ethernet @ index 02 MAC: 0007.7d00.6240
88E6095 rev 2 Ethernet @ index 01 MAC: 0007.7d00.623f
y88acs06 rev16 Gigabit Ethernet @ index 00 MAC: 0007.7d00.6247
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode        : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode     : CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode       : CNlite-MC-IPSECm-MAIN-2.06
Verify the activation-key, it might take a while...
Running Permanent Activation Key: 0xc919c65f 0xf812b810 0xf43125c8 0xa68ca47c 0x0c35069b

Licensed features for this platform:
Maximum Physical Interfaces       : 8              perpetual
...
Intercompany Media Engine         : Disabled       perpetual

This platform has an ASA 5505 Security Plus license.

Ignoring startup configuration as instructed by configuration register.

INFO: MIGRATION - Saving the startup errors to file 'flash:upgrade_startup_errors_201208292337.log'
Type help or '?' for a list of available commands.

ciscoasa> sh flash
--#--  --length--  -----date/time------  path
   34  2068        Aug 29 2012 23:33:36  run0828.cfg
   35  17902288    Aug 27 2012 21:04:42  asdm-647.bin
   13  2048        Jun 04 2011 08:04:30  coredumpinfo
   14  59          Aug 27 2012 22:57:48  coredumpinfo/coredump.cfg
   36  19706880    Aug 27 2012 23:14:16  disk0
    2  2048        Jun 04 2011 08:06:44  log
    5  2048        Jun 04 2011 08:06:52  crypto_archive
   38  25196544    Aug 27 2012 21:16:22  asa843-k8.bin
   39  12998641    Jun 04 2011 08:10:28  csd_3.5.2008-k9.pkg
   40  2048        Jun 04 2011 08:10:30  sdesktop
   48  0           Jun 04 2011 08:10:30  sdesktop/data.xml
   41  6487517     Jun 04 2011 08:10:32  anyconnect-macosx-i386-2.5.2014-k9.pkg
   42  6689498     Jun 04 2011 08:10:34  anyconnect-linux-2.5.2014-k9.pkg
   43  4678691     Jun 04 2011 08:10:36  anyconnect-win-2.5.2014-k9.pkg
   44  19706880    Aug 29 2012 23:14:28  asdm-649-103.bin
   45  100         Aug 29 2012 23:29:10  upgrade_startup_errors_201208292329.log
   19  100         Aug 29 2012 23:37:34  upgrade_startup_errors_201208292337.log
   46  1902        Aug 27 2012 21:16:28  oldconfig_2012Aug28_0521.cfg
   47  0           Aug 27 2012 23:20:34  nat_ident_migrate

ciscoasa> sh disk0
--#--  --length--  -----date/time------  path
   34  2068        Aug 29 2012 23:33:36  run0828.cfg
   35  17902288    Aug 27 2012 21:04:42  asdm-647.bin
   13  2048        Jun 04 2011 08:04:30  coredumpinfo
   14  59          Aug 27 2012 22:57:48  coredumpinfo/coredump.cfg
   36  19706880    Aug 27 2012 23:14:16  disk0
    2  2048        Jun 04 2011 08:06:44  log
    5  2048        Jun 04 2011 08:06:52  crypto_archive
   38  25196544    Aug 27 2012 21:16:22  asa843-k8.bin
   39  12998641    Jun 04 2011 08:10:28  csd_3.5.2008-k9.pkg
   40  2048        Jun 04 2011 08:10:30  sdesktop
   49  0           Jun 04 2011 08:10:30  sdesktop/data.xml
   41  6487517     Jun 04 2011 08:10:32  anyconnect-macosx-i386-2.5.2014-k9.pkg
   42  6689498     Jun 04 2011 08:10:34  anyconnect-linux-2.5.2014-k9.pkg
   43  4678691     Jun 04 2011 08:10:36  anyconnect-win-2.5.2014-k9.pkg
   44  19706880    Aug 29 2012 23:14:28  asdm-649-103.bin
   45  100         Aug 29 2012 23:29:10  upgrade_startup_errors_201208292329.log
   19  100         Aug 29 2012 23:37:34  upgrade_startup_errors_201208292337.log
   46  1902        Aug 27 2012 21:16:28  oldconfig_2012Aug28_0521.cfg
   47  0           Aug 27 2012 23:20:34  nat_ident_migrate


BOOT variable = disk0:/asa843-k8.bin
Current BOOT variable =
CONFIG_FILE variable = disk0:/run0828.cfg
Current CONFIG_FILE variable = disk0:/run0828.cfg

 sh ver

Cisco Adaptive Security Appliance Software Version 8.4(3)
Device Manager Version 6.4(7)

Compiled on Fri 06-Jan-12 10:24 by builders
System image file is "disk0:/asa843-k8.bin"
Config file at boot was "disk0:/run0828.cfg"

Open in new window

0
Comment
Question by:Mazdajai
  • 3
  • 2
6 Comments
 
LVL 2

Accepted Solution

by:
gfilipe earned 1200 total points
ID: 38349175
Hi,

Probably your forgot to add password. Enter with ena

configure terminal
 
copy startup-config running-config
 
Destination filename [running-config]? Y
 
enable password NewPassword
 
config-register 0x1

Reboot to check if ok.
Let us know if this solved the issue.

Regards,
GFilipe
0
 
LVL 58

Expert Comment

by:Pete Long
ID: 38349441
Boot the firewall

go to enable mode

go to configure terminal mode

ciscoasa(config)# boot system disk0:/asa843-k8.bin {enter}

wr mem {Enter}
0
 
LVL 21

Author Comment

by:Mazdajai
ID: 38350650
Looks like adding the enable pw did the trick, is it the default behavior?

Don't remember seeing this before, may be I upgraded the asa recently.
0
Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

 
LVL 2

Expert Comment

by:gfilipe
ID: 38353459
Hi Mazdajai,

Yes, indeed that is the default behavior if no pw is setup in ASA.

Glad to know that solved the issue.

Regards,
Gfilipe
0
 
LVL 21

Author Comment

by:Mazdajai
ID: 38354306
I have another 5505 which I am going to find that out. I don't remember seeing this before when I first work on it.


http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/start.html

Step 4 Enter the enable password at the prompt.

By default, the password is blank, and you can press the Enter key to continue. See the "Changing the Enable Password" section on page 8-1 to change the enable password.
The prompt changes to: 

Open in new window

0
 
LVL 21

Author Closing Comment

by:Mazdajai
ID: 38414014
ASA boots to ROMMON with no enable password
0

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question