Solved: ASA 5506-X

Dhikra Marghli · ‎10-28-2021

Hello

I have ASA 5506-X and i have a problem :

when i put this command : system install noconfirm ftp://192.168.1.254/ftd-6.2.3-83.pkg via xlight ftp server :===> it show this message :

////////////////////////////////////////////////////////////

firepower-boot>system install noconfirm ftp://192.168.1.254/ftd-6.2.3-83.pkg

######################## WARNING ############################
# The content of disk0: will be erased during installation! #
#############################################################

Do you want to continue? [y/N] y
Erasing disk0 ...
Extracting ...
Verifying

Enter credentials to authenticate with ftp server
Username: admin
Password:
Verifying
Downloading
Extracting
Package Detail
Description: Cisco ASA-FTD 6.2.3-83 System Install
Requires reboot: Yes

Warning: Please do not interrupt the process or turn off the system.
Doing so might leave system in unusable state.

Starting upgrade process ...
Populating new system image

Upgrade failed for an unknown reason. Please try again.
Upgrade failed. Logs can be viewed with "support view logs" command.

/////////////////////////////////////////////////////////////////////////////////////

so please how i can resolve this problem !!

i wait a reply from expert security ASA cisco to help me .

thanks in advance

johnlloyd_13 · ‎10-29-2021

hi,

did you use the 'setup' command as mentioned to configure a temporary MGMT IP?

can you issue a 'show interface' and 'ping 192.168.1.254' from the firepower-boot prompt?

firepower-boot> show interface

firepower-boot> ping192.168.1.254

also check your FTP server if the OS name and directory are correct and there's no host FW blocking.

View solution in original post

johnlloyd_13 · ‎10-29-2021

hi,

the network connectivity to FTP is ok

try to re-download the FTD boot and package files and re-do the steps again.

check the MD5 checksum to ensure the downloaded files are not corrupted.

View solution in original post

johnlloyd_13 · ‎10-30-2021

hi,

since you don't have a smartnet contract, try with a spare SSD drive or another ASA 5506x

last would be just revert back to original ASA code/version.

View solution in original post

Dhikra Marghli · ‎10-28-2021

Also other information ASA 5506-X cisco

Cisco Systems ROMMON, Version 1.1.13, RELEASE SOFTWARE
Copyright (c) 1994-2017 by Cisco Systems, Inc.
Compiled Mon 10/16/2017 17:54:58.29 by wchen64

so please i send two message that i hope that help expert answer me

thanks

Rob Ingram · ‎10-28-2021

@Dhikra Marghli can you ping the FTP server's IP address to confirm there is connectivity?

Is the FTP server service running?

Could there be a local firewall running on the FTP server that may be blocking communication?

Did you run the command "support view logs" to see what the error message was?

Dhikra Marghli · ‎10-29-2021

Hello

i put this command : But the same message error :

>system install ftp://admin:admin123@192.168.1.254/ftd-6.2.3-83.pk

######################## WARNING ############################
# The content of disk0: will be erased during installation! #
#############################################################

Do you want to continue? [y/N] y
Erasing disk0 ...
Extracting ...
Verifying
Downloading
Extracting
Package Detail
Description: Cisco ASA-FTD 6.2.3-83 System In stall
Requires reboot: Yes

Do you want to continue with upgrade? [y]: y
Warning: Please do not interrupt the process or turn off the system.
Doing so might leave system in unusable state.

Starting upgrade process ...
Populating new system image

Upgrade failed for an unknown reason. Please try again.
Upgrade failed. Logs can be viewed with "support view logs" command.
firepower-boot>

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

firepower-boot>support view logs

===View Logs===

============================
Directory: /var/log
----------sub-dirs----------
cisco
sa
-----------files------------
2021-10-29 07:34:39.480066 | 97 | install.log
2021-10-29 07:04:15.560004 | 292292 | lastlog
2021-10-29 07:37:54.870073 | 31665 | messages
2021-10-29 07:04:15.560004 | 4608 | wtmp

([b] to go back or [s] to select a file to view, [Ctrl+C] to exit)

/////////////////////////////////////

so please , what is problem exat !! and what's the solution because the customer wait resolve this problem for ASA 5506.

i wait a reply .

thanks in advance

Dhikra Marghli · ‎10-29-2021

so what do you think !! this is a hard problem !!

thanks

johnlloyd_13 · ‎10-28-2021

hi,

did you use the 'setup' command to assign an IP address?

make sure FTP user/PW is used and it's reachable and firewall allows FTP.

>system install ftp://ftpuser:ftppw@192.168.1.1/ftd-6.2.3-83.pkg

see helpful link:

https://ccnpsecuritywannabe.blogspot.com/2019/07/reimaging-cisco-asa-5500-x-to-firepower.html

Dhikra Marghli · ‎10-29-2021

Hello

i put this command : But the same message error :

>system install ftp://admin:admin123@192.168.1.254/ftd-6.2.3-83.pk

######################## WARNING ############################
# The content of disk0: will be erased during installation! #
#############################################################

Do you want to continue? [y/N] y
Erasing disk0 ...
Extracting ...
Verifying
Downloading
Extracting
Package Detail
Description: Cisco ASA-FTD 6.2.3-83 System In stall
Requires reboot: Yes

Do you want to continue with upgrade? [y]: y
Warning: Please do not interrupt the process or turn off the system.
Doing so might leave system in unusable state.

Starting upgrade process ...
Populating new system image

Upgrade failed for an unknown reason. Please try again.
Upgrade failed. Logs can be viewed with "support view logs" command.
firepower-boot>

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

firepower-boot>support view logs

===View Logs===

============================
Directory: /var/log
----------sub-dirs----------
cisco
sa
-----------files------------
2021-10-29 07:34:39.480066 | 97 | install.log
2021-10-29 07:04:15.560004 | 292292 | lastlog
2021-10-29 07:37:54.870073 | 31665 | messages
2021-10-29 07:04:15.560004 | 4608 | wtmp

([b] to go back or [s] to select a file to view, [Ctrl+C] to exit)

/////////////////////////////////////

so please , what is problem exat !! and what's the solution because the customer wait resolve this problem for ASA 5506.

i wait a reply .

thanks in advance

johnlloyd_13 · ‎10-29-2021

hi,

did you use the 'setup' command as mentioned to configure a temporary MGMT IP?

can you issue a 'show interface' and 'ping 192.168.1.254' from the firepower-boot prompt?

firepower-boot> show interface

firepower-boot> ping192.168.1.254

also check your FTP server if the OS name and directory are correct and there's no host FW blocking.

Dhikra Marghli · ‎10-29-2021

firepower-boot>show interface
eth0 Link encap:Ethernet HWaddr 70:6d:15:0b:31:ad
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::726d:15ff:fe0b:31ad/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:903123 errors:0 dropped:0 overruns:0 frame:0
TX packets:362648 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1105006973 (1.0 GiB) TX bytes:19586224 (18.6 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.255.255.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:552 (552.0 B) TX bytes:552 (552.0 B)

firepower-boot>ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
64 bytes from 192.168.1.254: icmp_seq=1 ttl=128 time=0.336 ms
64 bytes from 192.168.1.254: icmp_seq=2 ttl=128 time=0.482 ms
64 bytes from 192.168.1.254: icmp_seq=3 ttl=128 time=0.511 ms
64 bytes from 192.168.1.254: icmp_seq=4 ttl=128 time=0.656 ms
64 bytes from 192.168.1.254: icmp_seq=5 ttl=128 time=0.469 ms
64 bytes from 192.168.1.254: icmp_seq=6 ttl=128 time=0.458 ms
64 bytes from 192.168.1.254: icmp_seq=7 ttl=128 time=0.479 ms
64 bytes from 192.168.1.254: icmp_seq=8 ttl=128 time=0.458 ms
64 bytes from 192.168.1.254: icmp_seq=9 ttl=128 time=0.472 ms
64 bytes from 192.168.1.254: icmp_seq=10 ttl=128 time=0.480 ms
64 bytes from 192.168.1.254: icmp_seq=11 ttl=128 time=0.472 ms
64 bytes from 192.168.1.254: icmp_seq=12 ttl=128 time=0.278 ms
64 bytes from 192.168.1.254: icmp_seq=13 ttl=128 time=0.269 ms
64 bytes from 192.168.1.254: icmp_seq=14 ttl=128 time=0.268 ms
64 bytes from 192.168.1.254: icmp_seq=15 ttl=128 time=0.454 ms
64 bytes from 192.168.1.254: icmp_seq=16 ttl=128 time=0.268 ms
64 bytes from 192.168.1.254: icmp_seq=17 ttl=128 time=0.272 ms
64 bytes from 192.168.1.254: icmp_seq=18 ttl=128 time=0.468 ms
64 bytes from 192.168.1.254: icmp_seq=19 ttl=128 time=0.503 ms

///////////////////////////////////////////////////////////////////////////////////////////////

also i send you two picture : image 1 and image 2

////////////////////////////////////////////////////////////////////

fw in desktop is also disable ..

///////////////////////////////////////////////////////////////

i used this step :

//erase disk0:
address 192.168.1.1
netmask 255.255.255.0
server 192.168.1.254
gateway 192.168.1.254
file ftd-boot-9.8.2.3.lfbff
set
sync
tftpdnld

setup
ftd
y
n
192.168.1.1
255.255.255.0
192.168.1.254
n
172.23.50.50
n
n
n
n
y
system install noconfirm ftp://192.168.1.254/ftd-6.2.3-83.pkg

////////////////////////////////////////////////////////////////

so i send you all check and what i can check more !!!

so please , our customer need solution and we have not other hardware ASA becasue we not have contract with TAC for ASA.

so i wait a reply from expert security .

thanks

johnlloyd_13 · ‎10-29-2021

hi,

the network connectivity to FTP is ok

try to re-download the FTD boot and package files and re-do the steps again.

check the MD5 checksum to ensure the downloaded files are not corrupted.

Dhikra Marghli · ‎10-29-2021

Hello

i try this step more 5 times but the same error message .

this problem that our customer need resolve this problem and service is down for customer .

so i wait from expert what is solution !!

Dhikra Marghli · ‎10-29-2021

So

what i can doing other check ...all check , i do but the problem is still persists....

i wait other check from you .

thanks

johnlloyd_13 · ‎10-30-2021

hi,

since you don't have a smartnet contract, try with a spare SSD drive or another ASA 5506x

last would be just revert back to original ASA code/version.

Dhikra Marghli · ‎10-30-2021

Do you think use last IOS FTD or IOS ROMMON !!

Dhikra Marghli · ‎10-31-2021

hello

i ask expert security for ASA5506 but up now no answer can resolve the problem ...