Showing results for 
Search instead for 
Did you mean: 
Mike Traylor

CSCvj40480 - ASA 5508 v9.8.2 Firewall crashes out of the box when issuing "write erase"

I have 4 brand new ASA 5508-X firewalls all experiencing this bug.


I have tried the following OS versions and am experiencing the write erase bug with all of them.










I have 4 brand new out of the box ASA's all with this bug.


I have 4 ASA's running these OS's in production that did not experience this when I prepped them for deployment (my first command is a write erase).


It is my concern this is a hardware issue.


I have a TAC case open and have requested that they investigate this possibility.


Error duplicated with exact behavior.  write erase  causes system panic.

ciscoasa# wr er
Erase configuration in flash memory? [confirm]
Panic: ci/console - fwhsec_burn_internal: Cannot span sectors - 0x470000 0x400 0xfc00 0x1000



Workaround: (until TAC comes back with a response/fix)

ciscoasa(config)# clear configure all


Other actions taken with same result (save yourself the time):

  • boot to ROMMON
  • erase disk0:
  • boot from disk1: (USB) with choice of IOS
  • format disk0:
    • ciscoasa(config)# format disk0:
  • copy IOS and ROMMON files (available through Cisco download) to disk0:
  • upgrade ROMMON (optional)
    • ciscoasa(config)# upgrade rommon
  • current version with issue displayed 1.1.12:
    •   Cisco Systems ROMMON, Version 1.1.12, RELEASE SOFTWARE
    •   Copyright (c) 1994-2017  by Cisco Systems, Inc.
    •   Compiled Wed 06/28/2017 14:36:11.63 by wchen64




SOLVED - error is exhibited only in ROMMON 1.1.12... works in ROMMON 1.1.8... now just figuring out how to downgrade ROMMON to 1.1.8

Per Cisco documentation you can only upgrade, not downgrade.

Upgrade the ROMMON Image (ASA 5506-X, 5508-X, and 5516-X)
Follow these steps to upgrade the ROMMON image for the ASA 5506-X series, ASA 5508-X, and ASA 5516-X. The ROMMON version on your system must be 1.1.8 or greater.

Before You Begin
You can only upgrade to a new version; you cannot downgrade. To see your current version, enter the show module command and look at the Fw Version in the output for Mod 1 in the MAC Address Range table:

Looks like we will need to wait for a new version to be released that fixes this bug.

I also confirmed that my older firewalls in production not affected are running 1.1.8


You can only upgrade rommon to a new version; you cannot downgrade. To see your current version, enter the show module command and look at the Fw Version


Reference link:

Mike Traylor

Support has advised the current work around is to use ciscoasa(config)# clear configure all
 as opposed to write erase.  I have confirmed this does not cause the firewall to crash.