Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
682
Views
0
Helpful
6
Replies

ASA OS Upgrade not working

Philip Brown
Level 1
Level 1

‎06-13-2017 03:50 AM - edited ‎02-21-2020 06:05 AM

Hi, I've got a pair of ASA 5545's running OS v 9.3(3)2 and the IDS/IPS Modules are also enabled.

We wanted to upgrade the OS to v.9.6(3)1 which according to the release notes should be no problem. It is though !

The Standby ASA had the image flagged to be used at boot, using the zero downtime upgrade procedure, the Standby ASA was rebooted.

It went into a bootloop and had to be stopped by using Rommon. It's now back to using v. 9.3(3)2.

Is there some different OS  upgrade procedure I should be following ?

Any help would be much appreciated.

Phil

0 Helpful
6 Replies 6

johnd2310
Level 8
Level 8

‎06-13-2017 07:29 AM

Hi,

have you tried going through 9.4 and 9.5 instead of going straight to 9.6?

Thanks

John

**Please rate posts you find helpful**
0 Helpful

Philip Brown
Level 1
Level 1
In response to johnd2310

‎06-14-2017 03:27 AM

Hi John,

thought about lots of things since then but according to Cisco, should be no problem to go from 9.3(3) 2 to any higher release.

Phil

0 Helpful

dperezoquendo
Level 1
Level 1

‎06-13-2017 09:17 AM

Might be a silly a question... but did you ensure the Standby ASA also had the image uploaded to its flash (disk0:)? 

The image will need to be uploaded on both ASAs.

0 Helpful

Philip Brown
Level 1
Level 1
In response to dperezoquendo

‎06-14-2017 03:29 AM

Hi dperezoquendo, The Standby ASA had the image flagged to be used at boot, using the zero downtime upgrade procedure, the Standby ASA was rebooted.

The image was on both ASA's.

Phil

0 Helpful

dperezoquendo
Level 1
Level 1
In response to Philip Brown

‎06-14-2017 08:16 AM

Hello,

Figured I'd asked. I've seen it a few times where someone tried to upgrade standby firewall after seeing "boot system disk0:/<img>" in the config when there was no image uploaded.

Have you tried removing and uploading a new image? Perhaps the file somehow corrupted during its initial upload. I would also recommend trying to download a new one as well. The upgrade procedure your doing should be fine.

Also if the ASA reboots in rommon again, you may want to check the confreg to ensure is 0x1 and booting from the flash. You can do this by typing confreg in rommon. From here you can follow the prompts and answer no to everything except for enable flash boot.

0 Helpful

Philip Brown
Level 1
Level 1
In response to dperezoquendo

‎06-14-2017 09:06 AM

Hi,

I've checksummed the file and it's ok.

It didn't go into rommon, I broke the bootloop and entered rommon.

Maybe I should say that I've been working with Cisco kit for over 30 years, 25 of them as CCSP/CCNP Security. I'm no newbie and even though nobody is perfect, I am pretty sure that there was nothing amiss with the files and procedure I used. Also Cisco's release notes say that there should be no problem upgrading from the running version to the version chosen.

Thanks for your suggestions.

The fact of the matter is, the upgrade does not work. I'd like to find out why and what the solution is. If nobody else has encountered it, then it looks like I have some sort of hardware problem. I have seen another thread albeit for a 5515 I think.

Phil

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card