01-08-2017 09:25 AM - last edited on 03-25-2019 05:59 PM by ciscomoderator
Hello!
I'm trying to perform an upgrade of the ASA 5555-X from version 9.0(3) to 9.1(2), 9.2(4)-5, 9.6(2)-3 and it's failing. The only version I was able to upgrade to is 9.0(4).
According the "Upgrade to ASA 9.1, 9.2 and 9.6" guides, version 9.0(4) is ok to upgade to any of the versions I'm trying to go to.
Upgrade to 9.1 fails with an error:
ERROR: FIPS Self-Test failure, fips_continuous_rng_test [-1:11:0:4:16]
Upgrade to 9.2 and 9.6 fail with an error:
Panic: vfw_init_thread - ctm_initialize: ctm_snp_initialize failed.
Did anyone experience such an error? Firewall is turned on for the first time and I really think it's a subject to be RMAed.
01-08-2017 09:32 AM
Hi ,
This is the bug for the version.
you may refer the below .
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCux33808/?referring_site=bugquickviewredir
Thanks,
Mani
01-08-2017 09:41 AM
Hello, Mani!
Thanks for the reply, but I do have FIPS disabled:
no fips enable
and the bug does describe issues with only with FIPS being enabled.
With the sofwtware releases listed as "fixed" in your bug link I receive following error (just tested with one more version, 9.4(3)-12:
Panic: vfw_init_thread - ctm_initialize: ctm_snp_initialize failed.
Also, I've tried to boot with wiped config at all, still no luck.
01-08-2017 11:24 PM
Have you tried 9.1.3. I believe it is bug
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCud05798/?reffering_site=dumpcr.
01-09-2017 12:47 AM
Hello!
Thanks for the proposal, but this bug does say:
Conditions:
This occurs when FIPS is enabled on the firewall and an anomaly is detected with the random number generator.
And I have FIPS mode explicitly disabled. Also, I've tried some more releases, listed as "Fixed" in this bug.
Should I try 9.1(3) or it wouldn't again make any sense?
01-09-2017 12:53 AM
The second error that you are getting points to hardware issue. I say to upgrade to 9.1.3 as the bug I gave doesn't fix the issue even when you disable the FIPS.
01-09-2017 01:36 AM
Tried 9.1(3), the error is the same as with 9.2 and 9.6:
Panic: vfw_init_thread - ctm_initialize: ctm_snp_initialize failed.
Thanks for the assistance, we are RMAing the unit.
01-09-2017 01:47 AM
yes then it seems hardware related
01-09-2017 12:56 AM
Also please follow the image as per below link:-
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/release/notes/asarn91.html#pgfId-763574
See section "upgrading the software"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide