I had an ASA flash die today, it was an unfortunate experience that I recommend avoiding!
Anyway, Try as I might I could not find any directions on how to recover from this situation, so I thought I would put in vivid detail what worked for me so it can help others out there
First, if your flash has died, the ASA won't boot, you need to console into the ASA and wait for the following prompt:
Cisco Systems ROMMON Version (1.0(11)2) #0: Thu Jan 26 10:43:08 PST 2006
Platform ASA5520
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Press ESC to break the boot process and you will be in ROMMON:
rommon #1>
You need to set a bunch of variables so that the ASA can download the image over your management interface, so plugin a laptop and run up a TFTP server and put the image on a directory accessible from the TFTP Server
rommon #> ADDRESS=192.168.50.1
rommon #> SERVER=192.168.50.2
rommon #> GATEWAY=0.0.0.0
rommon #> IMAGE=asa804-k8.bin
In my case I did not need a gateway but in your case you might, you can also specify what port it should use by setting some other variables, to get a list of variables type help but for most situations the above will be enough.
Next type tftpdnld to start the download process:
rommon #4> tftp
ROMMON Variable Settings:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
The image will then boot, but this is not the end of your adventure, you will be booted into the ASA:
and see something like this:
Insufficient flash space available for this request:
Size info: request:32 free:0 delta:32
open or write(ffsdev/2/write/32) failed
Could not initialize system files in flash.
Type help or '?' for a list of available commands.
this is saying it can't see the flash, so go ahead and enter enable mode and we will format the flash
ciscoasa> en
Password:
ciscoasa# format disk0:
WARNING: Saving activation key file failed. Proceed with operation? [confirm]
Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in "disk0:". Continue? [confirm]
Initializing partition - done!
mkdosfs 2.11 (12 Mar 2005)
System tables written to disk
Format of disk0 complete
ciscoasa# fsck disk0:
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
/dev/hda1: 2 files, 2/62934 clusters
fsck of disk0: complete
ciscoasa# dir
Directory of disk0:/
No files in directory
257777664 bytes total (257769472 bytes free)
ciscoasa#
Now that you can actually see the disk0, you need to reconfigure the management interface AGAIN:
interface Management0/0
nameif management
security-level 0
ip address 192.168.50.1 255.255.255.0
ciscoasa# ping 192.168.50.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.50.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
You can now copy the image again over tftp using the usual copy tftp flash command:
ciscoasa# copy ftp flash
Address or name of remote host [192.168.50.2]?
Source filename [asa804-k8.bin]?
Destination filename [asa804-k8.bin]?
Accessing ftp://192.168.50.2/asa804-k8.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
You can now write the mem and reload!
You may have to retrieve your activation key though for your ASA
ciscoasa# format disk0:
WARNING: Saving activation key file failed. Proceed with operation? [confirm]
Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in "disk0:". Continue? [confirm]
Initializing partition - done!
mkdosfs 2.11 (12 Mar 2005)
System tables written to disk
Format of disk0 complete
ciscoasa# fsck disk0:
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
/dev/hda1: 2 files, 2/62934 clusters
fsck of disk0: complete
ciscoasa# dir
Subscribe to:
Post Comments (Atom)
Popular old posts.
-
Hi Guys Having spent a lot of time with customers working on vPC deployments, I have found quite a few of the gotcha's for vPC that I w...
-
Hi Guys! This blog post is attempting to be the DEFINITIVE guide on Jumbo MTU, It's a topic that DOES MY HEAD IN! There are SO many ...
-
So some of the readers of this blog might already know this little trick, and what's more some of you might be surprised I didn't kn...
Thanks for this!!
ReplyDeleteno route to 192.168.1.1
ReplyDeleteWill it eventually go into ROMMON if it can't boot? All I get when I power on is "Booting system, please wait..." and no other output. I tried to ESC and ctrl-break many times but no response. Thanks....
ReplyDeleteTHANKS SIR
ReplyDelete