Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1717
Views
0
Helpful
3
Replies

5506-X ROMMON configuration

Go to solution
me77
Level 1
Level 1

‎01-28-2018 06:46 PM - edited ‎02-21-2020 07:13 AM

I'm trying to reimage a 5506-X with the FTD image, unable to get basic connectivity from my laptop when using the settings described in the documentation.

My laptop is plugged directly into M1/1 with a static IP. 

The firewall is using another IP within the same subnet.

The server is setup to be the laptop (which will be used to push the image.)

This should be exactly how it is described in the documentation, I can get physical link lights, but no ability to ping.

I am seeing a flashing orange Status light when I enter ROMMON, which I'm not sure why.

 

rommon #0> address 172.16.1.2
rommon #1> server 172.16.1.3
rommon #2> gateway 172.16.1.3
rommon #3> netmask 255.255.255.0

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ajay Saini
Level 7
Level 7
In response to me77

‎01-29-2018 10:28 PM

Hello,

 

Sometimes softwares present on laptop would block ping and tftp. Antivirus/HIPS agents/Windows firewall can block for example. If you can install wireshark software, you can take captures on NIC to see what is happening with the tftp or icmp request on the machine.

 

-

HTH
AJ

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Ajay Saini
Level 7
Level 7

‎01-28-2018 07:58 PM

Hello,

 

The config parameters looks okay, just image needs to be specified. 

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/configuration/general/asa-95-general-config/admin-swconfig.html

 

Is the ping enabled on the laptop, you can set the default gateway on laptop as the management ip address and try to ping from laptop to firewall. Captures on machine using wireshark can help rule out

issue.

 

what output do you get with 'set' command

 

-

HTH

AJ

0 Helpful

Go to solution
me77
Level 1
Level 1
In response to Ajay Saini

‎01-29-2018 02:47 PM - edited ‎01-29-2018 04:32 PM

For the ASA I have

Address=192.168.1.10
Netmask=255.255.255.0

Server=192.168.1.5

Gateway=192.168.1.1

Image=ftd-boot-9.7.1.4.lfbff

 

On the laptop, I have

IP Address 192.168.1.5

Subnet Mask 255.255.255.0

Default Gateway 192.168.1.1

 

With these settings I can ping from laptop->ASA, but not the other way around.

I have also tried various combinations of default gateway on both sides (setting one side or the other, or both as 192.168.1.5 and 192.168.1.10)

 

It seems that pinging the ASA only works if I'm trying to ping the laptop at the same time.

 

0 Helpful

Go to solution
Ajay Saini
Level 7
Level 7
In response to me77

‎01-29-2018 10:28 PM

Hello,

 

Sometimes softwares present on laptop would block ping and tftp. Antivirus/HIPS agents/Windows firewall can block for example. If you can install wireshark software, you can take captures on NIC to see what is happening with the tftp or icmp request on the machine.

 

-

HTH
AJ

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card