06-13-2017 03:50 AM - edited 02-21-2020 06:05 AM
Hi, I've got a pair of ASA 5545's running OS v 9.3(3)2 and the IDS/IPS Modules are also enabled.
We wanted to upgrade the OS to v.9.6(3)1 which according to the release notes should be no problem. It is though !
The Standby ASA had the image flagged to be used at boot, using the zero downtime upgrade procedure, the Standby ASA was rebooted.
It went into a bootloop and had to be stopped by using Rommon. It's now back to using v. 9.3(3)2.
Is there some different OS upgrade procedure I should be following ?
Any help would be much appreciated.
Phil
06-13-2017 07:29 AM
Hi,
have you tried going through 9.4 and 9.5 instead of going straight to 9.6?
Thanks
John
06-14-2017 03:27 AM
Hi John,
thought about lots of things since then but according to Cisco, should be no problem to go from 9.3(3) 2 to any higher release.
Phil
06-13-2017 09:17 AM
Might be a silly a question... but did you ensure the Standby ASA also had the image uploaded to its flash (disk0:)?
The image will need to be uploaded on both ASAs.
06-14-2017 03:29 AM
Hi dperezoquendo, The Standby ASA had the image flagged to be used at boot, using the zero downtime upgrade procedure, the Standby ASA was rebooted.
The image was on both ASA's.
Phil
06-14-2017 08:16 AM
Hello,
Figured I'd asked. I've seen it a few times where someone tried to upgrade standby firewall after seeing "boot system disk0:/<img>" in the config when there was no image uploaded.
Have you tried removing and uploading a new image? Perhaps the file somehow corrupted during its initial upload. I would also recommend trying to download a new one as well. The upgrade procedure your doing should be fine.
Also if the ASA reboots in rommon again, you may want to check the confreg to ensure is 0x1 and booting from the flash. You can do this by typing confreg in rommon. From here you can follow the prompts and answer no to everything except for enable flash boot.
06-14-2017 09:06 AM
Hi,
I've checksummed the file and it's ok.
It didn't go into rommon, I broke the bootloop and entered rommon.
Maybe I should say that I've been working with Cisco kit for over 30 years, 25 of them as CCSP/CCNP Security. I'm no newbie and even though nobody is perfect, I am pretty sure that there was nothing amiss with the files and procedure I used. Also Cisco's release notes say that there should be no problem upgrading from the running version to the version chosen.
Thanks for your suggestions.
The fact of the matter is, the upgrade does not work. I'd like to find out why and what the solution is. If nobody else has encountered it, then it looks like I have some sort of hardware problem. I have seen another thread albeit for a 5515 I think.
Phil
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide