cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7473
Views
5
Helpful
11
Replies

Loaded wrong boot image, now stuck in Cisco FTD on ASA5506-x

dec0dernyc
Level 1
Level 1

Hi, I tried upgrading the ASA 5506-x Firepower module from 5.4.1 to 6.0.1 and uploaded the wrong boot image.

I uploaded ftd-boot-9.6.2.0.lfbff to the 5506-x and booted with that image. Now I am stuck in the Cisco FTD image. My ASA software 9.2.1/9.2.3 should still be on the flash, but I cannot get to it. How can I load up my ASA9.2.1 boot image? I tried to browse the flash to see if I can view the files so I can get the correct file names, but it would not let me. What are my options here? Try to force a new boot image using ROMMON and tftp?

1 Accepted Solution

Accepted Solutions

Oliver Kaiser
Level 7
Level 7

Use this guide to re-image your ASA. You have to boot into ROMMON and load your asa image using tftp. The procedure is straight-forward and well documented in the guide.

If you have any questions let me know.

View solution in original post

11 Replies 11

dec0dernyc
Level 1
Level 1

Newbie error. Can someone assist with instructions on getting the ASA 9.*.* image back on this 5506-x?  The device doesn't fully boot up, and the orange light stays lit on the device. When I console into the 5506-x its the Cisco FTD login prompt. I can get into the ROMMON prompt if I hold the ESC button after rebooting the 5506-x. I need to boot from the ASA image again and not the new incorrect boot image that was uploaded to the 5506-x.

Thanks!!  

What can i do to get a new ASA boot image running?

Hi,

Use the same ASA ROMMON process and boot it up using the ASA code: -

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/admin_trouble.html#wp1076206

Thanks and Regards,

Vibhor

Oliver Kaiser
Level 7
Level 7

Use this guide to re-image your ASA. You have to boot into ROMMON and load your asa image using tftp. The procedure is straight-forward and well documented in the guide.

If you have any questions let me know.

kaisero, thanks. I followed the guide and ran into some issues.

I did an erase disk0: and wiped it, then tried to load the following file.

It seems the ASA was trying to pull the file off the TFTP but wouldn't transfer the file. I was trying to tftp the asa962-3-lfbff-k8.SPA to the 5506-x. It wouldn't take it. Any ideas? I was looking for an ASA962 bin file or boot file but couldn't find any on the Cisco website.

What is the error message you are receiving on rommon? Make sure you are able to reach your tftp server using your management1/1 interface.

Disable your anti-virus & firewall on your tftp server (in case its a client) and try again.

It timed out. I think connectivity was the issue as you stated.

I used the console cable to run the rommon commands, then, plugged in cat5 cable from my laptop to the Management port 1/1 on the 5506-X, which is the port right above the console port. I couldn't ping the ASA from the laptop and couldn't ping from the ASA to the laptop.

The interesting part is, I saw the ASA try to connect to my tftp and pull the file, but I guess it timed out. I will post the tftp logs here tonight. It has to be a connectivity issue. The only thing I can think of, is..... am I loading the correct file asa962-3-lfbff-k8.SPA into the ASA?

Thanks again for your assistance.

Check your arp cache. Do you see ASA mac address in your arp cache? If yes, can you ping ASA?

Like I said it is probably related to AV / Firewall on your client (trendmicro is a real pain when it comes to using tftpd). Check your tftpd server directory and copy/paste the filename into asa console to make sure the filename is correct.

kind regards

Oliver

I think you are right. I do have TrendMicro installed on the laptop. I'm going to have to kill all those TrendMicro processes and try again. I have limited time during the week, so I will try this again on Saturday.

Also be careful to note that the 5506/5508 and 5516 all require a ROM version upgrade prior to imaging using the FTD code.

Without that ROM upgrade you cannot image the unit.

Marvin Rhoads
Hall of Fame
Hall of Fame

Like Oliver says - you have to re-image.

Moving from ASA to FTD and vice versa completely removes the previous contents of the internal disk0.

Review Cisco Networking for a $25 gift card