05-17-2023 06:12 PM
Hi everyone, I'm having an issue where I am unable to download the pkg file for re-imaging my ASA to the unit. I am trying to flash a clean, fresh copy of 6.4.0 FTD firmware to this unit as a POC for upgrading a HA cluster of these units.
Running the commands in ROMMON as per the guide.
ASA→Threat Defense: ASA 5500-X or ISA 3000
(Source: https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html)
It will download the LFBFF via TFTP, but will not download the PKG file. It just fails. I know it's not an issue with the endpoint where the files live, as I was able to download the LFBFF file moments before using TFTP. When looking at packet captures, I see that there are only 4 packets, and they are TCP retransmissions. I have a packet capture saved of it, but am unable to upload it to the post. But I can do some other method if needed.
No matter what I do, I always get error code 110, which I can't find anything on. And it only ever performs the 4 connection attempts to the server. I even tried HTTP and SCP, but still got similar results.
I'm hoping for some guidance on where to go from here to get these units to install the 6.4.0 FW. I can confirm that my ROMMON version is also 1.1.8, which the documentation states is the minimum.
Below is the output of the process from the terminal:
Cisco Systems ROMMON, Version 1.1.8, RELEASE SOFTWARE
Copyright (c) 1994-2015 by Cisco Systems, Inc.
Compiled Thu 06/18/2015 12:15:56.43 by builders
Current image running: Boot ROM0
Last reset cause: PowerCycleRequest
DIMM Slot 0 : Present
DIMM Slot 1 : Present
Platform ASA5508 with 8192 Mbytes of main memory
MAC Address: 50:0f:80:73:7c:f6
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot in 10 seconds. Boot in 9 seconds. Boot interrupted.
rommon 1 > address 10.4.90.10
rommon 2 > netmask 255.255.255.0
rommon 3 > server 10.4.90.2
rommon 4 > gateway 10.4.90.2
rommon 5 > file ftd-boot-9.12.1.6.lfbff
rommon 6 > set
ADDRESS=10.4.90.10
NETMASK=255.255.255.0
GATEWAY=10.4.90.2
SERVER=10.4.90.2
IMAGE=ftd-boot-9.12.1.6.lfbff
CONFIG=
PS1="rommon ! > "
ROMMONUPG=asa5500-firmware-1108.spa
rommon 7 > sync
rommon 8 > tftpdnld
ADDRESS: 10.4.90.10
NETMASK: 255.255.255.0
GATEWAY: 10.4.90.2
SERVER: 10.4.90.2
IMAGE: ftd-boot-9.12.1.6.lfbff
MACADDR: 50:0f:80:73:7c:f6
VERBOSITY: Progress
RETRY: 40
PKTTIMEOUT: 7200
BLKSIZE: 1460
CHECKSUM: Yes
PORT: GbE/1
PHYMODE: Auto Detect
Receiving ftd-boot-9.12.1.6.lfbff from 10.4.90.2!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
File reception completed.
Boot buffer bigbuf=348bd018
Boot image size = 146806912 (0x8c01880) bytes
[image size] 146806912
[MD5 signaure] d3594f86fb102d24e3185dec0807e2a7
LFBFF signature verified.
INIT: version 2.88 booting
Starting udev
Configuring network interfaces... done.
Populating dev cache
Detected PID ASA5508.
Found device serial number JAD212702ZN.
Found USB flash drive /dev/sdb
Found hard drive(s): /dev/sda
fsck from util-linux 2.26.2
fsck.fat 3.0.28 (2015-05-16)
/dev/sdb1: 1 files, 2/1798467 clusters
Launching boot CLI ...
Configuring network interface using DHCP
Bringing up network interface.
Depending on your network, this might take a couple of minutes when using DHCP...
ifup: interface lo already configured
Using IPv6 address: fe80::520f:80ff:fe73:7cf5
IPv4 address not assigned. Run 'setup' before installation.
INIT: Starting system message bus: dbus.
Starting OpenBSD Secure Shell server: sshd
generating ssh rsa key...
generating ssh dsa key...
generating ssh ecdsa key...
generating ssh ed25519 key...
done.
Starting Advanced Configuration and Power Interface daemon: acpid.
acpid: starting up with netlink and the input layer
acpid: 1 rule loaded
acpid: waiting for events: event logging is off
Starting internet superserver: xinetd.
No makedumpfile found.
Starting ntpd: done
Starting crond: OK
Cisco FTD Boot 6.4.0 (9.12.1.6)
Type ? for list of commands
firepower-boot>setup
Welcome to Cisco FTD Setup
[hit Ctrl-C to abort]
Default values are inside []
Enter a hostname [firepower]: firepower
Do you want to configure IPv4 address on management interface?(y/n) [Y]: y
Do you want to enable DHCP for IPv4 address assignment on management interface?(y/n) [Y]: n
Enter an IPv4 address: 10.4.90.100
Enter the netmask: 255.255.255.0
Enter the gateway: 10.4.90.2
Do you want to configure static IPv6 address on management interface?(y/n) [N]: n
Stateless autoconfiguration will be enabled for IPv6 addresses.
Enter the primary DNS server IP address: 10.4.90.2
Do you want to configure Secondary DNS Server? (y/n) [n]: n
Do you want to configure Local Domain Name? (y/n) [n]: n
Do you want to configure Search domains? (y/n) [n]: n
Do you want to enable the NTP service? [Y]: n
Please review the final configuration:
Hostname: firepower
Management Interface Configuration
IPv4 Configuration: static
IP Address: 10.4.90.100
Netmask: 255.255.255.0
Gateway: 10.4.90.2
IPv6 Configuration: Stateless autoconfiguration
DNS Configuration:
DNS Server:
10.4.90.2
NTP configuration: Disabled
CAUTION:
You have selected IPv6 stateless autoconfiguration, which assigns a global address
based on network prefix and a device identifier. Although this address is unlikely
to change, if it does change, the system will stop functioning correctly.
We suggest you use static addressing instead.
Apply the changes?(y,n) [Y]: y
Configuration saved successfully!
Applying...
Restarting network services...
Done.
Press ENTER to continue...
firepower-boot>system install ftp://10.4.90.2/ftd-6.4.0-102.pkg
######################## WARNING ############################
# The content of disk0: will be erased during installation! #
#############################################################
Do you want to continue? [y/N] y
Erasing disk0 ...
Verifying.<<<TRUNCATED OUTPUT>>>
110
Upgrade aborted.
firepower-boot>exit
Last login: Wed May 17 04:13:18 UTC 2023 on ttyS0
Cisco FTD Boot 6.4.0 (9.12.1.6)
Type ? for list of commands
firepower-boot>
05-17-2023 08:36 PM
Your procedure output appears correct up until the "Upgrade aborted" message. Have you tried to use ftp against the target server from any other system? Seeing 4 TCP SYN packets without any ACK or SYN ACK completing the TCP 3-way handshake usually indicates the server is not accepting the connection (port/service not listening or host firewall enabled). Your successful use of tftp isn't directly comparable since it uses different protocol/ports.
Have you tried with a more recent version of the software? The 6.4.0 version you are using is over 4 years old and the ASA 5508-X supports much newer releases (e.g., 7.0.5: https://software.cisco.com/download/home/286285773/type/286306337/release/7.0.5)
05-17-2023 08:48 PM
Hi Marvin,
Yes, I know that the 6.4 version is quite old. I am staging a POC upgrade for some customers that have some 5500 units in HA currently on 6.4.0. So we want to build up the staging environment as close as possible to current, then do the upgrade to a more recent version.
I can confirm that another system on my network can access the FTP server running on my laptop. And I can confirm that the firewall is open etc. So it shouldn't be that. This is why I'm stumped as to what the issue is. And not finding anything about the error code 110 also doesn't help a lot.
I have also tried multiple different HTTP and FTP servers for this. The image below is another host on my network connecting to my FTP server.
05-19-2023 04:43 AM
Have you tried providing the ftp username and password in the "system install ftp://..." command?
As shown here: https://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html#anc7
05-20-2023 05:56 AM
Yes, even if I use an anon account with no credentials, it still does not work.
I can connect to the FTP server from another host using both auth and non-auth.
05-21-2023 03:55 PM
Also, I wanted to mention that doing it via an HTTP method does not work either. And I can confirm that the files are accessible to other hosts on the network.
05-22-2023 07:04 AM
Given all the steps you've tried, I would begin to suspect you may have a hardware issue with the SSD.
I would recommend opening a TAC case if you have a support contract.
06-07-2023 09:30 PM
Turned out that it was a GPO that was re-enabling my Windows firewall as soon as I closed the window after disabling it.
I have managed to re-image the unit now.
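An added example, not part of any post in this thread: a small probe that separates the "SYNs with no SYN-ACK" case described in the first reply from a plain closed port, and polls so that a firewall which switches itself back on (as the GPO did in the final post) shows up as a state change. The function names are hypothetical; port 21 and the polling intervals are assumptions, and on Linux errno 110 is ETIMEDOUT, though that the installer's "110" is that errno is also an assumption.

```python
import socket
import time


def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"         # RST came back: host up, nothing listening
    except (socket.timeout, TimeoutError):
        # No SYN-ACK at all, so a capture shows only SYN retransmissions.
        # Typical of a host firewall or ACL silently dropping the packets.
        return "filtered"
    except OSError as exc:
        return f"error:{exc.errno}"   # e.g. no route to host


def transitions(samples):
    """Reduce (offset_seconds, state) samples to the points where state changed."""
    changes = []
    for offset, state in samples:
        if not changes or changes[-1][1] != state:
            changes.append((offset, state))
    return changes


def watch(host, port, count=12, interval=5.0, probe_fn=probe, sleep=time.sleep):
    """Probe repeatedly and return only the state changes.

    An "open" followed later by "filtered" means something re-applied a
    blocking policy while the test was running.
    """
    samples = []
    for i in range(count):
        samples.append((i * interval, probe_fn(host, port)))
        if i < count - 1:
            sleep(interval)
    return transitions(samples)


if __name__ == "__main__":
    # Server address taken from the thread; port 21 (FTP control) is assumed.
    for offset, state in watch("10.4.90.2", 21, count=3, interval=2.0):
        print(f"t+{offset:5.1f}s  {state}")
```
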