cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2355
Views
15
Helpful
7
Replies

Cisco ASA 5525-x boot loop

tanner.zaitt
Level 3
Level 3

Hi Cisco community.

I am faced with a boot issue after an improperly implemented upgrade to Cisco Adaptive Security Appliance Software Version 9.18(1).

The previous version was Cisco Adaptive Security Appliance Software Version 9.17(1)


Now I see these messages on the console:

core0: An internal error occurred. Specifically, a programming assertion was
violated. Copy the error message exactly as it appears, and get the
output of the show version command and the contents of the configuration
file. Then call your technical support representative.

assertion "0" failed: file "quack.c", line 1076

Begin to dump crashinfo to flash....

End of console dump.
Do 'show crashinfo' after reboot to retrieve other crash information
Process shutdown finished
lina_reboot: KILLING LINA:(1421) with signal(6)
Rebooting... (status 0x86)
..
INIT: Switching to runlevel: 6
INIT: Sending processes the TERM signal
Stopping OpenBSD Secure Shell server: sshd
no /usr/sbin/sshd found; none killed
Stopping Advanced Configuration and Power Interface daemon: no /usr/sbin/acpid found; none killed
acpid.
Stopping random number generator daemon.
Deconfiguring network interfaces... done.
Sending all processes the TERM signal...
Sending all processes the KILL signal...
Deactivating swap...
Unmounting local filesystems...
Rebooting... Cisco BIOS Version:9B2C109A
Build Date:05/15/2013 16:34:44

CPU Type: Intel(R) Xeon(R) CPU X3430 @ 2.40GHz, 2394 MHz
Total Memory:8192 MB(DDR3 1333)
System memory:619 KB, Extended Memory:3573 MB

Booting from ROMMON

Cisco Systems ROMMON Version (2.1(9)8) #1: Wed Oct 26 17:14:40 PDT 2011

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.

Launching BootLoader...
Boot configuration file contains 3 entries.


Loading disk0:/asa9-18-1-smp-k8.bin... Booting...
Platform ASA5525


I can only to switch to ROMMON mode.
Please could you share with me how can I load the previous image to restore the normal operational mode of the firewall from ROMMON mode?
Could I boot manually the previous image from flash?
I don't want to use TFTP server.

How can I browse the internal flash from rommon to determine the path of the previous image and how can I boot it manually from rommon?

After booting it how I can remove totally the version "disk0:/asa9-18-1-smp-k8.bin"

I expect to be able to change the system boot with correct image from disk if I load the previous image manually.

And where I am wrong regarding upgrading it to 9-18-1?


Here I see it as the latest version:
Software Download - Cisco Systems


Thank you in advance.
Best Regards.



7 Replies 7

tanner.zaitt
Level 3
Level 3

Ah I did read the release note:
Release Notes for Cisco Secure Firewall ASDM, 7.18(x) - Cisco

And I did notice that:
ASA 9.14(x) was the final version for the ASA 5525-X, 5545-X, and 5555-X.
Maybe this is the reason why I am not able to boot the latest version ASA 9.18..
But I am surprised how it works with ASA 9.17(x)?

Now I try to load the previous image from rommon.


For now I did found only this procedure:

rommon #1> confreg

Current Configuration Register: 0x00000000

Configuration Summary:

  boot ROMMON

Do you wish to change this configuration? y/n [n]: y

enable boot to ROMMON prompt? y/n [n]: n

enable TFTP netboot? y/n [n]: n

enable Flash boot? y/n [n]: y

select specific Flash image index? y/n [n]: n

disable system configuration? y/n [n]: n

go to ROMMON prompt if netboot fails? y/n [n]: n

enable passing NVRAM file specs in auto-boot mode? y/n [n]: n

disable display of BREAK or ESC key prompt during auto-boot? y/n [n]: n

Solved: ASA Keeps booting to Rommon! - Page 2 - Cisco Community

Can I boot the image from external usb flash?
Or From internal disk or flash?
If yes which commands, I should use?
And how I can identify the path of the previous image in ronmon?

I also did find this:
Solved: Showing directory when in ROMMON on ASA 5515 - Cisco Community
But I can't believe in that there is not have an option to load the previous image on flash or on disk..

Maybe I can prepare 4 GB usb  flash drive in FAT with asa9-17-1-smp-k8.bin file.
I can put it on the ASA FW.
I can put ASA in ROMMON.
Then I can  enable Flash boot? y/n [n]: y 
And then hit boot or I should specify the path?
Or can I use the previous image from disk using rommon mode?
boot system disk0:/asa9-17-1-smp-k8.bin?


I also did find:
Cisco ASA Recovery Using Rommon Mode - Cisco ASA VPN | Configuring Cisco (deltaconfig.com)

"The special ROMMON mode looks something like this:
Use ? for help.
ROMMON #0>

Once you’re in this mode, you should try to force the device to start by entering the system command “boot“:
ROMMON #0> boot

Cisco ASA will try to load the operating system image that is located on the internal Flash memory. I can tell you right now that, in my years of practice, this has worked only once, when I got lucky and the device booted normally. Most of the times if the firewall does not load on its own, then it will not be able to load from the boot command under ROMMON mode."

Please share your opinion.
Thank you in advance.
Best Regards.

the release notes you read were ASDM, so as per cisco 9.14 is the latest interim. not sure you had 9.17 before and worked ?

Download from the Image from the cisco site 

https://software.cisco.com/download/home/284143129/type/280775065/release/9.14.4%20Interim

and follow below thread and see if you able to fix the boot loop first:

https://community.cisco.com/t5/network-security/asa5506-usb-boot-in-rommon/td-p/4608155

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

 

I did find this post:
"Connect USB : (make sure FAT formated) - 4GB or 8GB USB stick should be good.

ROMMON> dir

You will see the USB disk1 depends on where you connected.

ROMMON> dir disk1:  ( you will see ASA image)

ROMMON> boot disk1:asaimage.bin  or  

ROMMON>copy disk1:asaimage.bin disk0:  ( change boot variable to boot)

Once it booted you can copy from USB to Flash and set boot variable to boot from Flash."

But dir command in my case is not recognized in the ROMMON mode.
How I can identify the storages and the files under rommon mode?
Or just I should do boot command with expected path for disk or usb flash together with image name?
ROMMON> boot disk1:asaimage.bin (from internal disk)
ROMMON>boot flash:/asaimage.bin (from external usb flash drive)

Now I am not able to connect with console to the FW.
Tomorow I will have opportunity to try some boot commands.

Like you discovered and @balaji.bandi  confirmed, ASA 9.14(x) is the last supported release for the ASA 5525-X model. It's surprising that it was working with 9.17.

You should be able to boot 9.14.x via USB or tftp. You cannot do a dir or otherwise display the directory from rommon.

Yes, I could confirm 9.17 works.
I suspect the reason for this is the upgraded RAM memory.

I try to understand the conception of usb boot.
If I understand correctly, booting from flash usb is temporary method to put ASA fw in normal operating mod.
After booting the same configuration as before is loaded and then easy you could remove the unsupported image from the disk and you could manipulate the system boot parameter on the configuration to load the previously image.
Please correct me if I am not rigth.

But which commands I should use to boot the image from usb flash drive on rommon mode?






yes your understanding correct - you boot from USB to fix any corrupted not supported image was in ASA, then delete the not working image from ASA, and copy the image from USB and setup boot variable.

But which command I should use to boot the image from usb flash drive form rommon mode?

did you get a chance to read below thread and steps :

https://community.cisco.com/t5/network-security/asa5506-usb-boot-in-rommon/td-p/4608155

step missed on the thread was the boot variable :

(config)# boot system disk0:/images/xxxxxxxxxxxxxx.bin  (make sure you correct the path and file name)

 Cisco official document if you looking for some validation and reading :

https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/general/asa-98-general-config/admin-swconfig.html#ID-2152-000008e5

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thank you.
I will try:
ROMMON> boot disk0:/asa9-17-1-smp-k8.bin
I did see the path of the images on the disk on the console while trying to load the unsupported image and I don't need to identify storage and files, if I remember the name of the bin file.
In this case I suspect flash usb drive is not needed.
The old image on the disk0:/ is okay.
If the booting is successfully then I could remove the disk0:/asa9-18-1-smp-k8.bin with delete command.
Then I could try to set from configuration mode the previous image for default boot.

(config)# boot system disk0:/asa9-17-1-smp-k8.bin

I will inform here if I solve my issue in this way.
 Thank you, for the guidance and your attention regarding the topic.

Review Cisco Networking for a $25 gift card