cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3783
Views
3
Helpful
6
Replies

Cisco ASA bootproblem gets in a loop for a couple of times

Tim Roelands
Level 1
Level 1

Whenever my ASA boots, it needs more then one attempt to load the IOS. It starts doing it over and over again (mostly 4 or 5 times) At the end, it succeeds and I have a prompt. Doing some research, this does not look oke is it?

ciscoasa# sh boot

BOOT variable =
Current BOOT variable =
CONFIG_FILE variable =
Current CONFIG_FILE variable =

Some add information:

ciscoasa# sh ver

Cisco Adaptive Security Appliance Software Version 8.4(4)
Device Manager Version 6.4(9)

Compiled on Mon 21-May-12 10:48 by builders
System image file is "disk0:/asa844-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 24 mins 13 secs

Hardware:  ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                            Boot microcode  : CN1000-MC-BOOT-2.00
                            SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                            IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.06
                            Number of accelerators: 1

0: Int: Internal-Data0/0    : address is 0022.552a.ae03, irq 11
1: Ext: Ethernet0/0        : address is 0022.552a.adfb, irq 255
2: Ext: Ethernet0/1        : address is 0022.552a.adfc, irq 255
3: Ext: Ethernet0/2        : address is 0022.552a.adfd, irq 255
4: Ext: Ethernet0/3        : address is 0022.552a.adfe, irq 255
5: Ext: Ethernet0/4        : address is 0022.552a.adff, irq 255
6: Ext: Ethernet0/5        : address is 0022.552a.ae00, irq 255
7: Ext: Ethernet0/6        : address is 0022.552a.ae01, irq 255
8: Ext: Ethernet0/7        : address is 0022.552a.ae02, irq 255
9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
10: Int: Not used            : irq 255
11: Int: Not used            : irq 255
The Running Activation Key is not valid, using default settings:

Licensed features for this platform:
Maximum Physical Interfaces      : 8              perpetual
VLANs                            : 3              DMZ Restricted
Dual ISPs                        : Disabled      perpetual
VLAN Trunk Ports                  : 0              perpetual
Inside Hosts                      : 10            perpetual
Failover                          : Disabled      perpetual
VPN-DES                          : Enabled        perpetual
VPN-3DES-AES                      : Disabled      perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials            : Disabled      perpetual
Other VPN Peers                  : 10            perpetual
Total VPN Peers                  : 12            perpetual
Shared License                    : Disabled      perpetual
AnyConnect for Mobile            : Disabled      perpetual
AnyConnect for Cisco VPN Phone    : Disabled      perpetual
Advanced Endpoint Assessment      : Disabled      perpetual
UC Phone Proxy Sessions          : 2              perpetual
Total UC Proxy Sessions          : 2              perpetual
Botnet Traffic Filter            : Disabled      perpetual
Intercompany Media Engine        : Disabled      perpetual

This platform has a Base license.


Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
Configuration register is 0x1
Configuration last modified by enable_15 at 13:01:05.779 UTC Sun Jul 22 2012

ciscoasa# sh run

ASA Version 8.4(4)
!
hostname ciscoasa
enable password Nd encrypted
passwd encrypted
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
!
object network obj_any
nat (inside,outside) dynamic interface
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
client-update enable
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0

dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.36 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:7607625bb72b86ef5e8aa2d2bf8b26a1

6 Replies 6

Leo Laohoo
Hall of Fame
Hall of Fame

Duplicate posts. 

Hi Bro

This is a problem. Can you paste the following output here?

FW1# show flash

FW1# dir

Warm regards,
Ramraj Sivagnanam Sivajanam

Hi!

Here it is:

ciscoasa# sh flash

--#--  --length--  -----date/time------  path
   81  25214976    Jul 22 2012 12:26:00  asa844-k8.bin
   82  18927088    Jul 22 2012 12:26:32  asdm-649.bin
    2  2048        Jul 22 2012 12:30:44  log
    5  2048        Jul 22 2012 12:31:02  crypto_archive
   75  0           Jul 22 2012 12:31:04  nat_ident_migrate
    9  2048        Jul 22 2012 12:31:08  coredumpinfo
   10  59          Jul 22 2012 12:31:08  coredumpinfo/coredump.cfg

127004672 bytes total (82567168 bytes free)

ciscoasa# dir

Directory of disk0:/

81     -rwx  25214976     12:26:00 Jul 22 2012  asa844-k8.bin
82     -rwx  18927088     12:26:32 Jul 22 2012  asdm-649.bin
2      drwx  2048         12:30:44 Jul 22 2012  log
5      drwx  2048         12:31:02 Jul 22 2012  crypto_archive
75     -rwx  0            12:31:04 Jul 22 2012  nat_ident_migrate
9      drwx  2048         12:31:08 Jul 22 2012  coredumpinfo

127004672 bytes total (82567168 bytes free)

Hi Bro

Perhaps, there's something wrong with your FLASH hardware. However, before we conclude anything, could you do the following steps. This may help to identify the root cause.

Step 1 :      remove all configuration from your FW and reboot the unit.

Step 2 :      format disk0:

Step 3 :      re-download the FW image file again asa844-1-k8.bin (25214976 bytes) and reboot the unit.

                  Note: The ASDM can come in later.

Step 4:       put in this command "boot system flash:/asa844-1-k8.bin", save the config and reboot the unit.

Step 5:       place back all your present configuration, and reboot the unit.

The above steps will narrow down if it's the present software image or the configuration or the flash hardware that's the root cause. Let me know how it goes :-)

P/S: If you think this comment is useful, please do rate them nicely :-)

Warm regards,
Ramraj Sivagnanam Sivajanam

Could you please check the following log at bootup. Eventually it loads, but before that it does several attempts:

Loading...
IO memory blocks requested from bigphys 32bit: 9672


CISCO SYSTEMS
Embedded BIOS Version 1.0(12)11 04/30/08 15:45:41.19

Low Memory: 632 KB
High Memory: 251 MB
PCI Device Table.
Bus Dev Func VendID DevID Class              Irq
00  01  00   1022   2080  Host Bridge
00  01  02   1022   2082  Chipset En/Decrypt 11
00  0C  00   1148   4320  Ethernet           11
00  0D  00   177D   0003  Network En/Decrypt 10
00  0F  00   1022   2090  ISA Bridge
00  0F  02   1022   2092  IDE Controller
00  0F  03   1022   2093  Audio              10
00  0F  04   1022   2094  Serial Bus         9
00  0F  05   1022   2095  Serial Bus         9

Evaluating BIOS Options ...
Launch BIOS Extension to setup ROMMON

Cisco Systems ROMMON Version (1.0(12)11) #4: Thu May  1 14:50:05 PDT 2008

Platform ASA5505

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.

Launching BootLoader...
Boot configuration file contains 1 entry.


Loading disk0:/asa844-k8.bin... Booting...
Platform ASA5505

Loading...
IO memory blocks requested from bigphys 32bit: 9672


CISCO SYSTEMS
Embedded BIOS Version 1.0(12)11 04/30/08 15:45:41.19

Low Memory: 632 KB
High Memory: 251 MB
PCI Device Table.
Bus Dev Func VendID DevID Class              Irq
00  01  00   1022   2080  Host Bridge
00  01  02   1022   2082  Chipset En/Decrypt 11
00  0C  00   1148   4320  Ethernet           11
00  0D  00   177D   0003  Network En/Decrypt 10
00  0F  00   1022   2090  ISA Bridge
00  0F  02   1022   2092  IDE Controller
00  0F  03   1022   2093  Audio              10
00  0F  04   1022   2094  Serial Bus         9
00  0F  05   1022   2095  Serial Bus         9

Evaluating BIOS Options ...
Launch BIOS Extension to setup ROMMON

Cisco Systems ROMMON Version (1.0(12)11) #4: Thu May  1 14:50:05 PDT 2008

Platform ASA5505

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.

Launching BootLoader...
Boot configuration file contains 1 entry.


Loading disk0:/asa844-k8.bin... Booting...
Platform ASA5505

Loading...
IO memory blocks requested from bigphys 32bit: 9672


CISCO SYSTEMS
Embedded BIOS Version 1.0(12)11 04/30/08 15:45:41.19

Low Memory: 632 KB
High Memory: 251 MB
PCI Device Table.
Bus Dev Func VendID DevID Class              Irq
00  01  00   1022   2080  Host Bridge
00  01  02   1022   2082  Chipset En/Decrypt 11
00  0C  00   1148   4320  Ethernet           11
00  0D  00   177D   0003  Network En/Decrypt 10
00  0F  00   1022   2090  ISA Bridge
00  0F  02   1022   2092  IDE Controller
00  0F  03   1022   2093  Audio              10
00  0F  04   1022   2094  Serial Bus         9
00  0F  05   1022   2095  Serial Bus         9

Evaluating BIOS Options ...
Launch BIOS Extension to setup ROMMON

Cisco Systems ROMMON Version (1.0(12)11) #4: Thu May  1 14:50:05 PDT 2008

Platform ASA5505

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.

Launching BootLoader...
Boot configuration file contains 1 entry.


Loading disk0:/asa844-k8.bin... Booting...
Platform ASA5505

Loading...
IO memory blocks requested from bigphys 32bit: 9672


CISCO SYSTEMS
Embedded BIOS Version 1.0(12)11 04/30/08 15:45:41.19

Low Memory: 632 KB
High Memory: 251 MB
PCI Device Table.
Bus Dev Func VendID DevID Class              Irq
00  01  00   1022   2080  Host Bridge
00  01  02   1022   2082  Chipset En/Decrypt 11
00  0C  00   1148   4320  Ethernet           11
00  0D  00   177D   0003  Network En/Decrypt 10
00  0F  00   1022   2090  ISA Bridge
00  0F  02   1022   2092  IDE Controller
00  0F  03   1022   2093  Audio              10
00  0F  04   1022   2094  Serial Bus         9
00  0F  05   1022   2095  Serial Bus         9

Evaluating BIOS Options ...
Launch BIOS Extension to setup ROMMON

Cisco Systems ROMMON Version (1.0(12)11) #4: Thu May  1 14:50:05 PDT 2008

Platform ASA5505

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.

Launching BootLoader...
Boot configuration file contains 1 entry.


Loading disk0:/asa844-k8.bin... Booting...
Platform ASA5505

Loading...
IO memory blocks requested from bigphys 32bit: 9672
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.
/dev/hda1: 88 files, 12456/62014 clusters
dosfsck(/dev/hda1) returned 0
Processor memory 104857600, Reserved memory: 41943040

Total SSMs found: 0

Total NICs found: 10
88E6095 rev 2 Gigabit Ethernet @ index 09 MAC: 0000.0003.0002
88E6095 rev 2 Ethernet @ index 08 MAC: 0022.552a.ae02
88E6095 rev 2 Ethernet @ index 07 MAC: 0022.552a.ae01
88E6095 rev 2 Ethernet @ index 06 MAC: 0022.552a.ae00
88E6095 rev 2 Ethernet @ index 05 MAC: 0022.552a.adff
88E6095 rev 2 Ethernet @ index 04 MAC: 0022.552a.adfe
88E6095 rev 2 Ethernet @ index 03 MAC: 0022.552a.adfd
88E6095 rev 2 Ethernet @ index 02 MAC: 0022.552a.adfc
88E6095 rev 2 Ethernet @ index 01 MAC: 0022.552a.adfb
y88acs06 rev16 Gigabit Ethernet @ index 00 MAC: 0022.552a.ae03
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.06
Verify the activation-key, it might take a while...
Failed to retrieve permanent activation key.
Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
The Running Activation Key is not valid, using default settings:

Licensed features for this platform:
Maximum Physical Interfaces       : 8              perpetual
VLANs                             : 3              DMZ Restricted
Dual ISPs                         : Disabled       perpetual
VLAN Trunk Ports                  : 0              perpetual
Inside Hosts                      : 10             perpetual
Failover                          : Disabled       perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 10             perpetual
Total VPN Peers                   : 12             perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

This platform has a Base license.


Cisco Adaptive Security Appliance Software Version 8.4(4)

  ****************************** Warning *******************************
  This product contains cryptographic features and is
  subject to United States and local country laws
  governing, import, export, transfer, and use.
  Delivery of Cisco cryptographic products does not
  imply third-party authority to import, export,
  distribute, or use encryption. Importers, exporters,
  distributors and users are responsible for compliance
  with U.S. and local country laws. By using this
  product you agree to comply with applicable laws and
  regulations. If you are unable to comply with U.S.
  and local laws, return the enclosed items immediately.

  A summary of U.S. laws governing Cisco cryptographic
  products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

  If you require further assistance please contact us by
  sending email to export@cisco.com.
  ******************************* Warning *******************************

Copyright (c) 1996-2012 by Cisco Systems, Inc.

                Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

                Cisco Systems, Inc.
                170 West Tasman Drive
                San Jose, California 95134-1706

Reading from flash...
!.
Cryptochecksum (unchanged): 4e8386d1 7cfcf9f4 73cd9c26 8aa87401
Type help or '?' for a list of available commands.
ciscoasa>

Hi Bro

The “IO memory blocks requested from bigphys 32bit: 9672” clearly indicates something isn’t right either with the FLASH CARD or the software image.

Cisco has a built in file check utility to fix problems just like this. Many folks who are familiar with unix systems also know the file system check or fsck utility.

To fix this problem, from the command prompt run fsck...

FW01# fsck disk0:

If this is successful you should see the following output:

FW01# fsck of disk0: complete

Assuming the above steps don't work out for you, please do the following;

Step 1 : remove all configuration from your FW and reboot the unit.

Step 2 : format disk0:

Step 3 : re-download the FW image file again asa844-1-k8.bin (25214976 bytes) and reboot the unit.

Note: The ASDM can come in later.

Step 4: put in this command "boot system flash:/asa844-1-k8.bin", save the config and reboot the unit.

Step 5: place back all your present configuration, and reboot the unit.

The above steps will narrow down if it's the present software image or the configuration or the flash hardware that's the root cause. Let me know how it goes :-)

P/S: If you think this comment is useful, please do rate them nicely :-)

Warm regards,
Ramraj Sivagnanam Sivajanam
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: