Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
7472
Views
5
Helpful
11
Replies

Loaded wrong boot image, now stuck in Cisco FTD on ASA5506-x

Go to solution
dec0dernyc
Level 1
Level 1

ā€Ž11-14-2016 06:10 AM - edited ā€Ž03-12-2019 01:32 AM

Hi, I tried upgrading the ASA 5506-x Firepower module from 5.4.1 to 6.0.1 and uploaded the wrong boot image.

I uploaded ftd-boot-9.6.2.0.lfbff to the 5506-x and booted with that image. Now I am stuck in the Cisco FTD image. My ASA software 9.2.1/9.2.3 should still be on the flash, but I cannot get to it. How can I load up my ASA9.2.1 boot image? I tried to browse the flash to see if I can view the files so I can get the correct file names, but it would not let me. What are my options here? Try to force a new boot image using ROMMON and tftp?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Oliver Kaiser
Level 7
Level 7

ā€Ž11-23-2016 10:31 AM

Use this guide to re-image your ASA. You have to boot into ROMMON and load your asa image using tftp. The procedure is straight-forward and well documented in the guide.

If you have any questions let me know.

View solution in original post

0 Helpful
11 Replies 11

Go to solution
dec0dernyc
Level 1
Level 1

ā€Ž11-16-2016 10:12 AM

Newbie error. Can someone assist with instructions on getting the ASA 9.*.* image back on this 5506-x?  The device doesn't fully boot up, and the orange light stays lit on the device. When I console into the 5506-x its the Cisco FTD login prompt. I can get into the ROMMON prompt if I hold the ESC button after rebooting the 5506-x. I need to boot from the ASA image again and not the new incorrect boot image that was uploaded to the 5506-x.

Thanks!!  

0 Helpful

Go to solution
dec0dernyc
Level 1
Level 1
In response to dec0dernyc

ā€Ž11-23-2016 06:23 AM

What can i do to get a new ASA boot image running?

0 Helpful

Go to solution
Vibhor Amrodia
Cisco Employee
Cisco Employee
In response to dec0dernyc

ā€Ž11-28-2016 12:37 PM

Hi,

Use the same ASA ROMMON process and boot it up using the ASA code: -

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/admin_trouble.html#wp1076206

Thanks and Regards,

Vibhor

0 Helpful

Go to solution
Oliver Kaiser
Level 7
Level 7

ā€Ž11-23-2016 10:31 AM

Use this guide to re-image your ASA. You have to boot into ROMMON and load your asa image using tftp. The procedure is straight-forward and well documented in the guide.

If you have any questions let me know.

0 Helpful

Go to solution
dec0dernyc
Level 1
Level 1
In response to Oliver Kaiser

ā€Ž11-28-2016 12:29 PM

kaisero, thanks. I followed the guide and ran into some issues.

I did an erase disk0: and wiped it, then tried to load the following file.

It seems the ASA was trying to pull the file off the TFTP but wouldn't transfer the file. I was trying to tftp the asa962-3-lfbff-k8.SPA to the 5506-x. It wouldn't take it. Any ideas? I was looking for an ASA962 bin file or boot file but couldn't find any on the Cisco website.

0 Helpful

Go to solution
Oliver Kaiser
Level 7
Level 7
In response to dec0dernyc

ā€Ž11-28-2016 12:39 PM

What is the error message you are receiving on rommon? Make sure you are able to reach your tftp server using your management1/1 interface.

Disable your anti-virus & firewall on your tftp server (in case its a client) and try again.

0 Helpful

Go to solution
dec0dernyc
Level 1
Level 1
In response to Oliver Kaiser

ā€Ž11-28-2016 12:48 PM

It timed out. I think connectivity was the issue as you stated.

I used the console cable to run the rommon commands, then, plugged in cat5 cable from my laptop to the Management port 1/1 on the 5506-X, which is the port right above the console port. I couldn't ping the ASA from the laptop and couldn't ping from the ASA to the laptop.

The interesting part is, I saw the ASA try to connect to my tftp and pull the file, but I guess it timed out. I will post the tftp logs here tonight. It has to be a connectivity issue. The only thing I can think of, is..... am I loading the correct file asa962-3-lfbff-k8.SPA into the ASA?

Thanks again for your assistance.

0 Helpful

Go to solution
Oliver Kaiser
Level 7
Level 7
In response to dec0dernyc

ā€Ž11-28-2016 12:51 PM

Check your arp cache. Do you see ASA mac address in your arp cache? If yes, can you ping ASA?

Like I said it is probably related to AV / Firewall on your client (trendmicro is a real pain when it comes to using tftpd). Check your tftpd server directory and copy/paste the filename into asa console to make sure the filename is correct.

kind regards

Oliver

0 Helpful

Go to solution
dec0dernyc
Level 1
Level 1
In response to Oliver Kaiser

ā€Ž11-29-2016 05:41 AM

I think you are right. I do have TrendMicro installed on the laptop. I'm going to have to kill all those TrendMicro processes and try again. I have limited time during the week, so I will try this again on Saturday.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to dec0dernyc

ā€Ž11-30-2016 09:12 PM

Also be careful to note that the 5506/5508 and 5516 all require a ROM version upgrade prior to imaging using the FTD code.

Without that ROM upgrade you cannot image the unit.

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

ā€Ž11-24-2016 06:27 AM

Like Oliver says - you have to re-image.

Moving from ASA to FTD and vice versa completely removes the previous contents of the internal disk0.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card