Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2432
Views
5
Helpful
5
Replies

How do I sanitize an ASA?

Go to solution
jimmyc_2
Level 1
Level 1

‎10-07-2013 07:39 AM - edited ‎03-11-2019 07:48 PM

           What files do I need to keep in the flash, besides the IOS and ASDM?

Any other information would be appreciated.

Thanks.       

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to jimmyc_2

‎10-07-2013 10:57 AM

Hi,

So the purpose is to remove any old configuration rather than just make space on the Flash of the ASA?

Well to my understanding you wont need much more for basic firewall operation other than the ASA IOS image. The ASDM is naturally typically included as you need it for some configuration jobs typically though majority of the configurations can be done through the CLI also.

Looking at my ASA5505 Flash at the moment I can't really see that many files that it would need than the ASA IOS and ASDM.

I guess you can remove the current startup configurations if its to be sent as a blank ASA. Naturally if it has several software images on the Flash at the moment then I dont really see the problem letting them be there and letting the new users worry about what they want to keep on the Flash.

- Jouni

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎10-07-2013 08:07 AM

Hi,

To my understanding the biggest files that take space (and are worth removing for extra space on the Flash) are the ASA IOS, ASDM GUI and VPN related files. So I guess it depends in what use the ASA firewall in question is. If its purely in use for Firewall purposes (no VPN) then you might save space by removing VPN related images. In that case it would probably also be good to copy those files to some host before removing them from Flash just incase you need them later and dont have a service contract.

To my understanding already the latest version of the original ASA5500 Series included more than enough Flash memory for normal usage. I mean have space for a few software versions for both ASA IOS and ASDM.

I guess you could start by atleast viewing the output of the following commands so show what most common files are in use

show run boot

show run asdm

show run webvpn

If the first 2 commands dont provide any output referring to a file name then you should probably check also

show version

To see what images the ASA currently boots to

You can naturally also share the output of

dir flash:

From your device to see what you have on the Flash.

I am atleast glad that I dont have to deal anymore with the PIX firewalls with 16MB Flash memory.

- Jouni

0 Helpful

Go to solution
jimmyc_2
Level 1
Level 1
In response to Jouni Forss

‎10-07-2013 10:44 AM

I want to give my ASA to another division, and I want to ensure everything I have on it is cleared, but still leave it functional.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to jimmyc_2

‎10-07-2013 10:54 AM

Jouni's suggestions are correct and pretty comprehensive.

Short version:

Reset the configuration to factory default (use "configure factory-default" command) and write mem to save that configuration.

Delete everything on flash EXCEPT the running ASA and specified ASDM images.

Reload just to doublecheck.

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to jimmyc_2

‎10-07-2013 10:57 AM

Hi,

So the purpose is to remove any old configuration rather than just make space on the Flash of the ASA?

Well to my understanding you wont need much more for basic firewall operation other than the ASA IOS image. The ASDM is naturally typically included as you need it for some configuration jobs typically though majority of the configurations can be done through the CLI also.

Looking at my ASA5505 Flash at the moment I can't really see that many files that it would need than the ASA IOS and ASDM.

I guess you can remove the current startup configurations if its to be sent as a blank ASA. Naturally if it has several software images on the Flash at the moment then I dont really see the problem letting them be there and letting the new users worry about what they want to keep on the Flash.

- Jouni

0 Helpful

Go to solution
johnlloyd_13
Level 9
Level 9
In response to jimmyc_2

‎10-07-2013 08:09 PM

hi,

you can alternatively use these commands:

* clear configure all: Clears the entire running configuration

* clear configure primary: Clears all commands related to connectivity, including the ip address, mtu, monitor-inteface, boot, route, failover, tftp-server, and shun commands

* clear configure secondary: Clears all commands not related to ASA connectivity

* write erase and reload commands.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card