Solved

ASA Remote Install

Posted on 2015-01-16
Last Modified: 2015-01-25
I have an ASA in a remote location that needs upgrading: the iOS and configuration changes.

Is it possible to reset the firewall to factory settings and upon bootup it loads a script to create all the new statements needed?

For example a “config factory-default” and “reload save-config noconfirm”

It then boots up with a preloaded script on the flash or disk, configuring all the interfaces and VLANs and everything else?

Has anyone ever done this?

Thanks
Question by:tolinrome
LVL 6

Expert Comment

by:Matt
ID: 40553940
You can always upgrade at a remote location, using TFTP and file transfer over a VPN connection, or HTTP to download the ASA image from a web server.

Then you need to verify this image (verify disk0:/asa....bin) and modify the boot parameters.

First check boot sequence:

sh run | i boot

Be careful, the boot sequence is added one entry after another. If you want to boot using a new image, I always remove all "boot system image disk0:/..." entries and then put the first boot to point to the new image and the second boot to point to the previous image, just in case.

For example, you have in boot sequence these two files:
boot system disk0:/asa825-48-k8.bin
boot system disk0:/asa825-50-k8.bin

Now you want to add asa825-52-k8.bin...and preserve asa825-50-k8.bin as the secondary image if something goes wrong with the first one (for example, an error on the flash card).

First remove the current boot settings:

no boot system disk0:/asa825-48-k8.bin
no boot system disk0:/asa825-50-k8.bin

Then write new boot settings:

boot system disk0:/asa825-52-k8.bin
boot system disk0:/asa825-50-k8.bin

As a precaution I always have two images on the ASA: the current one and the previous one. Be careful before downloading a new image - check free space on the flash card - remove the oldest image.

Regarding changes in the config file - DO NOT reset it to factory default on a remote device, because you will lose access after reboot. You can save the config (startup-config) to your PC and modify it there, then upload it back again to startup-config. If there is only a small change which does NOT include anything regarding getting a public IP from the ISP, you can modify it online.
LVL 7

Author Comment

by:tolinrome
ID: 40554181
Thanks Matt, these are good points.

The reset to factory default is one of my main procedures though, that's how I wipe it out and put a fresh config on it. The reason for the factory default is that it would be way too tedious and error prone to make all the new changes and remove the old ones (tried it). As you know, I just can't paste a new config on the firewall, since most of it wouldn't even take because it would force me to remove previous config lines first. I need to change ACL and NAT statements and VLAN interfaces and their IP addresses etc, etc. Doing this manually takes a long time and is error prone.

What if before I do the factory reset after I already have the startup config with all the statements I want in it, wouldn't that work?
LVL 6

Accepted Solution

by:
Matt earned 500 total points
ID: 40554989
You can do that of course. I always keep a separate copy of the ASA config like this:

disk0:/myconfig-yyyy-mm-dd.txt

You can do write erase and then reload with your already prepared startup-config. Just be careful not to do "wr mem" after "write erase". This is the main reason why I also have one copy separate from the Cisco startup-config, and also because you can see PPPoE and VPN pre-shared key passwords when saving to a custom backup file.

The main point to be very careful about is that the ASA gets a public IP and that you can access the ASA using SSH. If you get these two points working, then you can of course do whatever you like on the remote device.
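An added example, not part of the original thread: a pre-flight check that a prepared config satisfies the two conditions named in the accepted answer (the outside interface gets an IP, SSH is permitted on it) before a write erase and reload, and that it contains no secrets masked as ***** by "show running-config". The function names, the sample config and the "outside" interface name are assumptions.

```python
import re

# Constructed sample of a prepared config; addresses and names are made up.
SAMPLE = """\
interface Vlan2
 nameif outside
 ip address pppoe setroute
!
username admin password CONSTRUCTED encrypted privilege 15
aaa authentication ssh console LOCAL
ssh 192.168.1.0 255.255.255.0 inside
tunnel-group 198.51.100.7 ipsec-attributes
 pre-shared-key *****
"""
SSH_RE = re.compile(r"^ssh \d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+ (\S+)$")

def interface_blocks(config):
    """Return {nameif: [sub-commands]} for every interface stanza."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = []
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
            if line.strip().startswith("nameif "):
                blocks[line.split()[1]] = current
        else:
            current = None
    return blocks

def preflight(config, mgmt_if="outside"):
    """List reasons the config could leave the ASA unreachable after reload."""
    findings, lines = [], [l.strip() for l in config.splitlines()]
    sub = interface_blocks(config).get(mgmt_if)
    if sub is None:
        findings.append(f"no interface with nameif {mgmt_if}")
    elif not any(l.startswith("ip address ") for l in sub):
        findings.append(f"{mgmt_if}: no ip address (static, dhcp or pppoe)")
    if not any((m := SSH_RE.match(l)) and m.group(1) == mgmt_if for l in lines):
        findings.append(f"no 'ssh <net> <mask> {mgmt_if}' line")
    aaa = [l for l in lines if l.startswith("aaa authentication ssh console")]
    if not aaa:
        findings.append("no 'aaa authentication ssh console' line")
    for n, l in enumerate(lines, 1):
        if "*****" in l.split():  # value masked by 'show running-config'
            findings.append(f"line {n}: masked secret: {l}")
    return findings

if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE)) or "no findings")
```

An empty result only means these specific checks passed; it does not cover routing, NAT or ACLs that may also affect remote access.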