Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1897
Views
30
Helpful
5
Replies

CSCvj40480 - ASA 5508 v9.8.2 Firewall crashes out of the box when issuing "write erase"

Mike Traylor
Level 1
Level 1

‎05-18-2018 01:00 PM - edited ‎03-20-2019 10:09 PM

I have 4 brand new ASA 5508-X firewalls all experiencing this bug.

 

I have tried the following OS versions and am experiencing the write erase bug with all of them.

 

asa991-lfbff-k8.SPA

asa982-33-lfbff-k8.SPA

asa982-28-lfbff-k8.SPA

asa982-lfbff-k8.SPA

asa981-lfbff-k8.SPA

asa971-4-lfbff-k8.SPA

asa964-lfbff-k8.SPA

 

I have 4 brand new out of the box ASA's all with this bug.

 

I have 4 ASA's running these OS's in production that did not experience this when I prepped them for deployment (my first command is a write erase).

 

It is my concern this is a hardware issue.

 

I have a TAC case open and have requested that they investigate this possibility.

3 people had this problem
Labels:
0 Helpful
5 Replies 5

andrehenry
Level 1
Level 1

‎05-21-2018 12:02 PM

Error duplicated with exact behavior.  write erase  causes system panic.

ciscoasa# wr er
Erase configuration in flash memory? [confirm]
Panic: ci/console - fwhsec_burn_internal: Cannot span sectors - 0x470000 0x400 0xfc00 0x1000

...

 

Workaround: (until TAC comes back with a response/fix)

ciscoasa(config)# clear configure all

 

Other actions taken with same result (save yourself the time):

  • boot to ROMMON
  • erase disk0:
  • boot from disk1: (USB) with choice of IOS
  • format disk0:
    • ciscoasa(config)# format disk0:
  • copy IOS and ROMMON files (available through Cisco download) to disk0:
  • upgrade ROMMON (optional)
    • ciscoasa(config)# upgrade rommon
  • current version with issue displayed 1.1.12:
    •   Cisco Systems ROMMON, Version 1.1.12, RELEASE SOFTWARE
    •   Copyright (c) 1994-2017  by Cisco Systems, Inc.
    •   Compiled Wed 06/28/2017 14:36:11.63 by wchen64

 

 

 

andrehenry
Level 1
Level 1
In response to andrehenry

‎05-21-2018 12:23 PM

SOLVED - error is exhibited only in ROMMON 1.1.12... works in ROMMON 1.1.8... now just figuring out how to downgrade ROMMON to 1.1.8

Mike Traylor
Level 1
Level 1
In response to andrehenry

‎05-21-2018 12:50 PM

Per Cisco documentation you can only upgrade, not downgrade.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/configuration/general/asa-95-general-config/admin-swconfig.html

Upgrade the ROMMON Image (ASA 5506-X, 5508-X, and 5516-X)
Follow these steps to upgrade the ROMMON image for the ASA 5506-X series, ASA 5508-X, and ASA 5516-X. The ROMMON version on your system must be 1.1.8 or greater.

Before You Begin
You can only upgrade to a new version; you cannot downgrade. To see your current version, enter the show module command and look at the Fw Version in the output for Mod 1 in the MAC Address Range table:

Looks like we will need to wait for a new version to be released that fixes this bug.

I also confirmed that my older firewalls in production not affected are running 1.1.8

rodcespe
Cisco Employee
Cisco Employee
In response to andrehenry

‎07-02-2018 01:47 PM - edited ‎07-02-2018 01:48 PM

 

You can only upgrade rommon to a new version; you cannot downgrade. To see your current version, enter the show module command and look at the Fw Version

 

Reference link:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/general/asa-98-general-config/admin-swconfig.html#task_90917D0EBAC2427487F6F51D21ABC235

0 Helpful

Mike Traylor
Level 1
Level 1

‎05-22-2018 07:23 AM

Support has advised the current work around is to use ciscoasa(config)# clear configure all
 as opposed to write erase.  I have confirmed this does not cause the firewall to crash.

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents