Solved: Re: ASA 5506-X with no Firepower - Reimage/Upgrade

laurathaqi · ‎02-12-2022

Dear community,

I have some ASA 5506-X without Firepower, that I want to make use of. However, I first need to reimage the appliances. Cisco guides that I have found so far, do show the processes of ASA 5506-X with Firepower module only. Can someone guide me on how to apply the reimage the process of ASA 5506-X without firepower module ?

Thank you,

Laura

Rob Ingram · ‎02-12-2022

Hi @laurathaqi Refer to the reimage guide here, checkout the section FTD→ASA: ASA 5500-X or ISA 3000 (ignore the title), skip the first few unrelated FTD/FMC steps. This section the rest of the procedure to reimage an ASA and configure the basics, with an example for the 5506X. When you get to the Firepower module section you can ignore this.

HTH

View solution in original post

Aref Alsouqi · ‎02-12-2022

If you have access to those firewalls and you just want to upgrade their ASA software then these are the steps you would need to accomplish this task:

1) use this command to wipe out all the firewall configs "write erase"

2) upload the latest recommended .bin file to the firewall, you can use tftp to do this which is very common

3) change the boot system with the command "boot system ..." and point to the new .bin file you uploaded on the flash

4) write memory

5) reload

if you don't have the credentials to log into these firewalls then you can follow the steps in this link, once that is done you can start with the above steps:

https://community.cisco.com/t5/security-documents/asa-password-recovery/ta-p/3126046

View solution in original post

balaji.bandi · ‎02-12-2022

ASA-9.14.3.18. - to reach this one you need to have a minimum ASA 9.2 version of code. - so you need to check is the ASA has - sometimes it requires ROMMON Upgrade.

Factory reset :

config t

config factory-default (follow the guided process)

once that is completed

reload save-config noconfirm (reload the device to basic setup)

check the release notes :

https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/release/notes/asarn914.html

The current version to 9.2 ....9.14 is suggested here.

Since its not in production your upgrade can be done at any time..

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Rob Ingram · ‎02-12-2022

Hi @laurathaqi Refer to the reimage guide here, checkout the section FTD→ASA: ASA 5500-X or ISA 3000 (ignore the title), skip the first few unrelated FTD/FMC steps. This section the rest of the procedure to reimage an ASA and configure the basics, with an example for the 5506X. When you get to the Firepower module section you can ignore this.

HTH

balaji.bandi · ‎02-12-2022

What is the current version of ASA ? what version you looking to upgrade ?

reimage to Firepower or ASA ?

check below guide :

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html#id_57088

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

laurathaqi · ‎02-12-2022

Hi @balaji.bandi

The information I have right now is only that, its an ASA5506-X and that we need to reimage them to ASA, latest version it supports. However they also noted that they want the configuration set from scratch. They noted specifically that they do not have the Firepower module on these appliances.

Taking this information into consideration, for me to prepare, I stared to look for the guides on this ASA 5506-X model without the Firepower Module, but Cisco documentation and Google Blogs were pointing me to the Reimage process with Firepower module, all the time. Thus got confused.

Despite the fact that I do not have the current version, I am thinking to go with the latest version that this ASA supports which was ASA-9.14.3.18.

Thank you,

Laura

balaji.bandi · ‎02-12-2022

ASA-9.14.3.18. - to reach this one you need to have a minimum ASA 9.2 version of code. - so you need to check is the ASA has - sometimes it requires ROMMON Upgrade.

Factory reset :

config t

config factory-default (follow the guided process)

once that is completed

reload save-config noconfirm (reload the device to basic setup)

check the release notes :

https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/release/notes/asarn914.html

The current version to 9.2 ....9.14 is suggested here.

Since its not in production your upgrade can be done at any time..

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Aref Alsouqi · ‎02-12-2022

If you have access to those firewalls and you just want to upgrade their ASA software then these are the steps you would need to accomplish this task:

1) use this command to wipe out all the firewall configs "write erase"

2) upload the latest recommended .bin file to the firewall, you can use tftp to do this which is very common

3) change the boot system with the command "boot system ..." and point to the new .bin file you uploaded on the flash

4) write memory

5) reload

if you don't have the credentials to log into these firewalls then you can follow the steps in this link, once that is done you can start with the above steps:

https://community.cisco.com/t5/security-documents/asa-password-recovery/ta-p/3126046

johnlloyd_13 · ‎02-13-2022

hi,

there are some terms loosely used here.

just to be clear, do you want to re-image/convert the 5506x from FTD to ASA (i.e FTD 6.x to ASA 9.x)?

or do you want to perform an ASA version upgrade (i.e. 9.1 > 9.x)?

a 'show version' output will greatly help decide which image/path to choose.