Mazdajai
asked on
ASA Keep booting to ROMMON
I upgraded the ASA and ASDM to latest 8.4(3) and after that it keep boots to ROMMON.
If i type 'boot' it will boot correctly defaults setting. However it will go to ROMMON if it reload. I pointed to boot from the bin image it does not help.
If i type 'boot' it will boot correctly defaults setting. However it will go to ROMMON if it reload. I pointed to boot from the bin image it does not help.
Process shutdown finished
Rebooting.....
CISCO SYSTEMS
Embedded BIOS Version 1.0(12)13 08/28/08 15:50:37.45
Low Memory: 632 KB
High Memory: 507 MB
PCI Device Table.
Bus Dev Func VendID DevID Class Irq
00 01 00 1022 2080 Host Bridge
00 01 02 1022 2082 Chipset En/Decrypt 11
00 0C 00 1148 4320 Ethernet 11
00 0D 00 177D 0003 Network En/Decrypt 10
00 0F 00 1022 2090 ISA Bridge
00 0F 02 1022 2092 IDE Controller
00 0F 03 1022 2093 Audio 10
00 0F 04 1022 2094 Serial Bus 9
00 0F 05 1022 2095 Serial Bus 9
Evaluating BIOS Options ...
Launch BIOS Extension to setup ROMMON
Cisco Systems ROMMON Version (1.0(12)13) #0: Thu Aug 28 15:55:27 PDT 2008
Platform ASA5505
Ethernet0/0
MAC Address: 0007.7d00.6247
Link is UP
Use ? for help.
rommon #0> boot
Launching BootLoader...
Boot configuration file contains 1 entry.
Loading disk0:/asa843-k8.bin... Booting...
Platform ASA5505
Loading...
IO memory blocks requested from bigphys 32bit: 9672
?dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.
/dev/hda1: 124 files, 55493/62844 clusters
dosfsck(/dev/hda1) returned 0
Processor memory 348127232, Reserved memory: 62914560
Total SSMs found: 0
Total NICs found: 10
88E6095 rev 2 Gigabit Ethernet @ index 09 MAC: 0000.0003.0002
88E6095 rev 2 Ethernet @ index 08 MAC: 0007.7d00.6246
88E6095 rev 2 Ethernet @ index 07 MAC: 0007.7d00.6245
88E6095 rev 2 Ethernet @ index 06 MAC: 0007.7d00.6244
88E6095 rev 2 Ethernet @ index 05 MAC: 0007.7d00.6243
88E6095 rev 2 Ethernet @ index 04 MAC: 0007.7d00.6242
88E6095 rev 2 Ethernet @ index 03 MAC: 0007.7d00.6241
88E6095 rev 2 Ethernet @ index 02 MAC: 0007.7d00.6240
88E6095 rev 2 Ethernet @ index 01 MAC: 0007.7d00.623f
y88acs06 rev16 Gigabit Ethernet @ index 00 MAC: 0007.7d00.6247
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.06
Verify the activation-key, it might take a while...
Running Permanent Activation Key: 0xc919c65f 0xf812b810 0xf43125c8 0xa68ca47c 0x0c35069b
Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
...
Intercompany Media Engine : Disabled perpetual
This platform has an ASA 5505 Security Plus license.
Ignoring startup configuration as instructed by configuration register.
INFO: MIGRATION - Saving the startup errors to file 'flash:upgrade_startup_errors_201208292337.log'
Type help or '?' for a list of available commands.
ciscoasa> sh flash
--#-- --length-- -----date/time------ path
34 2068 Aug 29 2012 23:33:36 run0828.cfg
35 17902288 Aug 27 2012 21:04:42 asdm-647.bin
13 2048 Jun 04 2011 08:04:30 coredumpinfo
14 59 Aug 27 2012 22:57:48 coredumpinfo/coredump.cfg
36 19706880 Aug 27 2012 23:14:16 disk0
2 2048 Jun 04 2011 08:06:44 log
5 2048 Jun 04 2011 08:06:52 crypto_archive
38 25196544 Aug 27 2012 21:16:22 asa843-k8.bin
39 12998641 Jun 04 2011 08:10:28 csd_3.5.2008-k9.pkg
40 2048 Jun 04 2011 08:10:30 sdesktop
48 0 Jun 04 2011 08:10:30 sdesktop/data.xml
41 6487517 Jun 04 2011 08:10:32 anyconnect-macosx-i386-2.5.2014-k9.pkg
42 6689498 Jun 04 2011 08:10:34 anyconnect-linux-2.5.2014-k9.pkg
43 4678691 Jun 04 2011 08:10:36 anyconnect-win-2.5.2014-k9.pkg
44 19706880 Aug 29 2012 23:14:28 asdm-649-103.bin
45 100 Aug 29 2012 23:29:10 upgrade_startup_errors_201208292329.log
19 100 Aug 29 2012 23:37:34 upgrade_startup_errors_201208292337.log
46 1902 Aug 27 2012 21:16:28 oldconfig_2012Aug28_0521.cfg
47 0 Aug 27 2012 23:20:34 nat_ident_migrate
ciscoasa> sh disk0
--#-- --length-- -----date/time------ path
34 2068 Aug 29 2012 23:33:36 run0828.cfg
35 17902288 Aug 27 2012 21:04:42 asdm-647.bin
13 2048 Jun 04 2011 08:04:30 coredumpinfo
14 59 Aug 27 2012 22:57:48 coredumpinfo/coredump.cfg
36 19706880 Aug 27 2012 23:14:16 disk0
2 2048 Jun 04 2011 08:06:44 log
5 2048 Jun 04 2011 08:06:52 crypto_archive
38 25196544 Aug 27 2012 21:16:22 asa843-k8.bin
39 12998641 Jun 04 2011 08:10:28 csd_3.5.2008-k9.pkg
40 2048 Jun 04 2011 08:10:30 sdesktop
49 0 Jun 04 2011 08:10:30 sdesktop/data.xml
41 6487517 Jun 04 2011 08:10:32 anyconnect-macosx-i386-2.5.2014-k9.pkg
42 6689498 Jun 04 2011 08:10:34 anyconnect-linux-2.5.2014-k9.pkg
43 4678691 Jun 04 2011 08:10:36 anyconnect-win-2.5.2014-k9.pkg
44 19706880 Aug 29 2012 23:14:28 asdm-649-103.bin
45 100 Aug 29 2012 23:29:10 upgrade_startup_errors_201208292329.log
19 100 Aug 29 2012 23:37:34 upgrade_startup_errors_201208292337.log
46 1902 Aug 27 2012 21:16:28 oldconfig_2012Aug28_0521.cfg
47 0 Aug 27 2012 23:20:34 nat_ident_migrate
BOOT variable = disk0:/asa843-k8.bin
Current BOOT variable =
CONFIG_FILE variable = disk0:/run0828.cfg
Current CONFIG_FILE variable = disk0:/run0828.cfg
sh ver
Cisco Adaptive Security Appliance Software Version 8.4(3)
Device Manager Version 6.4(7)
Compiled on Fri 06-Jan-12 10:24 by builders
System image file is "disk0:/asa843-k8.bin"
Config file at boot was "disk0:/run0828.cfg"
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Looks like adding the enable pw did the trick, is it the default behavior?
Don't remember seeing this before, may be I upgraded the asa recently.
Don't remember seeing this before, may be I upgraded the asa recently.
Hi Mazdajai,
Yes, indeed that is the default behavior if no pw is setup in ASA.
Glad to know that solved the issue.
Regards,
Gfilipe
Yes, indeed that is the default behavior if no pw is setup in ASA.
Glad to know that solved the issue.
Regards,
Gfilipe
ASKER
I have another 5505 which I am going to find that out. I don't remember seeing this before when I first work on it.
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/start.html
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/start.html
Step 4 Enter the enable password at the prompt.
By default, the password is blank, and you can press the Enter key to continue. See the "Changing the Enable Password" section on page 8-1 to change the enable password.
The prompt changes to:
ASKER
ASA boots to ROMMON with no enable password
go to enable mode
go to configure terminal mode
ciscoasa(config)# boot system disk0:/asa843-k8.bin {enter}
wr mem {Enter}