cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1975
Views
0
Helpful
6
Replies

CISCO IOS issue

surajlingwal
Level 1
Level 1

While i upload the boot system for firewall ASA 5506-x with image cisco-asa-fp1k.9.16.2.SPA and after reloading getting below error and I couldn't able to login to firewall.

 

########################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################

Signature verification failed for key# 1
Failed to validate digital signature
Signature verification failed for key# 1
Failed to validate digital signature
LFBFF signature verification failed!!
lfbff_desc_get_payload_len bounds errorlfbff_desc_get_payload_len bounds error

6 Replies 6

Marvin Rhoads
Hall of Fame
Hall of Fame

That's not the correct image for your hardware. The "fp1k" in the image name denotes that it is for ASA software running on Firepower 1k series appliances (1010, 1120, etc.).

You need one of the images listed on this page:

https://software.cisco.com/download/home/286283326/type/280775065/release/9.16.3%20Interim

For example, "asa9-16-3-23-lfbff-k8.SPA" would work.

surajlingwal
Level 1
Level 1

Thanks for reply Marvin.

But the FW is stuck we cant do any changes so how we can get out from it.
IT is stuck on below path :-

Signature verification failed for key# 1
Failed to validate digital signature
Signature verification failed for key# 1
Failed to validate digital signature
LFBFF signature verification failed!!
lfbff_desc_get_payload_len bounds errorlfbff_desc_get_payload_len bounds error

 

You can follow the procedure to reimage from fxos and specify a valid image.

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html#task_vhy_5kc_sgb

iwearing
Level 1
Level 1

Hi Gents,

Interesting as I have a similar issue trying to re-image an FTD-1120 which was already deployed with a 6.3 FTD image. Trying to Load 7.0.5

 

Failed to validate digital signature in Primary key Storage !!

Failed to validate digital signature in Backup key Storage !!

+-------------------------------------------------------------------+

+------------------------- FAILURE ---------------------------------+

+-------------------------------------------------------------------+

|                                                                   |

|             LFBFF signature authentication failed !!!             |

|                                                                   |

+-------------------------------------------------------------------+

Incorrect installer image for this platform !!

boot: error executing "boot disk1:cisco-ftd-fp1k.7.0.5-72.SPA"

I tried the ASA Image for the FTD-1120 which passes signature authentication but then fails

lfbff_desc_get_payload_len bounds errorlfbff_desc_get_payload_len bounds error

Would you have any ideas what the issue may be?

thanks

Ian

 

 

Hi Marvin,

Thank you for the reply. Yes this is the procedure that I am following. 

Do you think this document which references 1000/2100 also includes the 1120?

 

 

Review Cisco Networking for a $25 gift card