
ASA 5525-X Console not working

Stephan_BI
Level 1

Hi there,

I have a bit of a weird issue. Last week we decommissioned an old rack that had 2x ASA-5525-X units in it. I remember that the units were configured in Failover mode, but the admin who last configured these is no longer with the company.

The issue I'm having is that one of the ASAs is working fine: I can log in to it with no problem on both the MGMT interface and the console. The other unit seems to boot but has no serial output whatsoever, and I'm also not able to connect to the management interface. When I look at the status LEDs there is nothing wrong. And weirdly enough, when I connect to what should be the WAN interface and do a packet capture, I see ARP queries for the old WAN gateway, which indicates to me it has loaded its config.

Is there any way to e.g. use a mainboard jumper to clear the NVRAM? Or can I swap the NVRAM from the working unit with the faulty one in order to see if I can at least boot into it without any risk?

Any suggestions would be very welcome.

 

14 Replies

johnlloyd_13
Level 9

Hi,

Did you check the failover status? Try to issue these on the primary box and post here:

show failover

show failover state

show failover history

> Is there any way to e.g. use a mainboard jumper to clear the NVRAM? Or can I swap the NVRAM from the working unit with the faulty one in order to see if I can at least boot into it without any risk?
>
> Any suggestions would be very welcome.

Does the 'faulty' unit have SmartNet/warranty? I recommend raising a TAC case first rather than tinkering inside the box, unless you're a very technical person.


Hi John,

No, there is no more Failover info as the primary unit was already cleared.

Unfortunately this ASA is old and doesn't have a SmartNet contract anymore.

I have already tested the RAM of the faulty unit and this is OK. But as this box is not under warranty, I'm more than willing to try some non-official ways in order to get the NVRAM reset.

So, not ideal, but a worst-case scenario option I'm thinking of is to make a full copy of the working unit and write it directly to the Apacer flash with an external writer.

If there is no service impact for now, I suggest removing the failed unit from the network totally.

Start with a factory config reset, test that all is working as expected, and then join them back to failover (back to HA).

Make sure you have a backup of the current config.

Joining the secondary device to HA is suggested to be done in a maintenance window.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hello Banji, thank you for the response.

How would I factory reset a unit without serial or management access to it, as that is the topic of this thread?

I need to reset the unit to reuse it and we can't get access to it. As described, we already pulled the units and want to reuse them in a different role.

At any time, did you configure SSH, Telnet or any other access from internal network ports?
Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Hi Kasun,

I don't think so. I have tried to do some captures on the 3x interfaces that are active (GE0,1,2), but except for GE0, which is the WAN interface, there is no response, and on the WAN IP there is no SSH or ASDM enabled.

Follow the guide below for the reset:

https://community.cisco.com/t5/security-documents/asa-password-recovery/ta-p/3126046

After the reset, once you have console access, post the show version output to check all is OK.

BB


Hi Balaji,

Thank you for your reply, but as stated before there is no RTS on the serial port, so the standard procedures will not work.

So we're looking for a way to regain access to the box, or a way to figure out if the unit has some hardware failure.

FYI, we're not looking for RFMQ suggestions such as check cable or baud rate. We are hoping someone has more in-depth knowledge of hardware resetting NVRAMs on this Cisco mainboard.

"There is no RTS on the Serial port" - can you elaborate on this? No RTS where?

 

BB


On the serial port itself; there is no voltage at all on any of the pins.

As I remember, in the first post you confirmed it booted and is working. How do you know it is working and booted?

 

BB


As I explained, it boots and all status LEDs are green; the alarm LED is not active. Also, as stated, I think the box is faulty, but at the same time, when doing a packet capture on the interface that was initially configured as the "Outside" interface, I see ARP requests for the gateway and the configured IP responds, which to me indicates it has loaded a config.

If you are sure and you know that the device booted, and you're well aware of the running interface config, why not configure your laptop in the inside interface IP range, connect back to back to the ASA with your laptop using ASDM, and look at what is wrong?

Have you tried that? You have limited options here. Since you do not have a contract, you need to try your best to fix it. Or, if I were you, I would buy one from eBay and replace it; if the services are critical, buy a SmartNet contract also, so the business runs smoothly and there are no sleepless nights.

 

BB


Hi Balaji,

As stated, I'm not looking for RYFMQ suggestions, but thanks for the interest anyway.
