cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11055
Views
15
Helpful
11
Replies

Reimage from Firepower Threat Defense to ASA problem.

mike kao
Level 1
Level 1

Hi,

I'm trying to reimage ASA5506 from FTD 6.0.1 to ASA software, but meet problem.

The ASA5506 stuck in reload loop.

rommon 0 > show info
Current image running (0/1): Boot ROM0

Cisco Systems ROMMON, Version 1.1.8, RELEASE SOFTWARE
Copyright (c) 1994-2015  by Cisco Systems, Inc.
Compiled Thu 06/18/2015 12:15:56.43 by builders


DIMM Slot 0 : Present
Product Identifier      : ASA5506
Serial Number - PCA     : JAD1949XXXX
Serial Number - Chassis : JMX1950XXXX
Version Identifier      : V02
CPLD Version            : 34 (MM/DD/YY): 04/25/14 (2.2)
CPLD Ext Version        : 0x03020200 (2.2.0)
Board Version           :    3 (P2)
PCH Version             :   02 (A2)
CPLD-ENV Version        : 0000
Hardware Anchor         : F01025R12.16ae50ec82014-04-17
Certificate             : 333C0DC1B9D15412
Microloader             : MA0008R06.O203142014

rommon 1 > erase disk0:
erase: Erasing 7511 MBytes .........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
rommon 2 > ADDRESS=192.168.222.100
rommon 3 > GATEWAY=192.168.222.254
rommon 4 > SERVER=192.168.222.5
rommon 5 > IMAGE=asa961-smp-k8.bin
rommon 6 > sync
rommon 7 > tftpdnld
             ADDRESS: 192.168.222.100
             NETMASK: 255.255.255.0
             GATEWAY: 192.168.222.254
              SERVER: 192.168.222.5
               IMAGE: asa961-smp-k8.bin
             MACADDR: 00:fe:c8:41:6e:00
           VERBOSITY: Progress
               RETRY: 40
          PKTTIMEOUT: 7200
             BLKSIZE: 1460
            CHECKSUM: Yes
                PORT: GbE/1
             PHYMODE: Auto Detect

IP: Detected unsupported IP packet fragmentation.  Try reducing TFTP_BLKSIZE.
IP: Retrying with a TFTP block size of 512..
Receiving asa961-smp-k8.bin from 192.168.222.5!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
File reception completed.
Boot buffer bigbuf=348bd018
Boot image size = 86704128 (0x52b0000) bytes
[image size]      86704128
[MD5 signaure]    f842404ffc537457de61fafdfc1d01ab

rommon 8 > dir disk0:
File system not supported

rommon 9 > reload

Resetting .......

Rom image verified correctly

Cisco Systems ROMMON, Version 1.1.8, RELEASE SOFTWARE
Copyright (c) 1994-2015  by Cisco Systems, Inc.
Compiled Thu 06/18/2015 12:15:56.43 by builders


Current image running: Boot ROM0
Last reset cause: LocalSoft
DIMM Slot 0 : Present

Platform ASA5506 with 4096 Mbytes of main memory
MAC Address: 00:fe:c8:41:6e:00


Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.

File system not supported
Attempt autoboot: "boot disk0:"
File system not supported
boot: cannot determine first file name on device "disk0:"
autoboot: All boot attempts have failed.
autoboot: Restarting the system.

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

The image you are trying to use ("asa961-smp-k8.bin") is not for the ASA 5506 hardware.

It requires the cryptographically signed image: "asa961-lfbff-k8.SPA". (asa961-10-lfbff-k8.SPA is the most current interim release).

Those image types are required on the 5506, 5508 and 5516 platforms.

View solution in original post

11 Replies 11

Marvin Rhoads
Hall of Fame
Hall of Fame

The image you are trying to use ("asa961-smp-k8.bin") is not for the ASA 5506 hardware.

It requires the cryptographically signed image: "asa961-lfbff-k8.SPA". (asa961-10-lfbff-k8.SPA is the most current interim release).

Those image types are required on the 5506, 5508 and 5516 platforms.

Thanks Marvin!!

It works!

Marvin,

Please have someone at CISCO fix this document because it is dead wrong on re-imaging FTD back to IOS. This cost me a few hours and I'm glad I found this forum post!

Doc= Reimage the Cisco ASA or Firepower Threat Defense Device

Reimage from Firepower Threat Defense to ASA
To reimage the Firepower Threat Defense to ASA software, you must access the ROMMON prompt. In ROMMON,
you must erase the disks, and then use TFTP on the Management interface to download the ASA image; only TFTP
is supported. After you reload the ASA, you can configure basic settings and then load the FirePOWER module
software.

6. Set the following network settings:
— (ASA 5512-X, 5515-X, 5525-X, 5545-X, and 5555-X only) Management interface ID. Other models always use
the Management 1/1 interface.
— Management interface IP address
— TFTP server IP address
— Gateway IP address. Set this address to be the same as the server IP address if they’re on the same network.
— TFTP file path and name.
Then load the boot image.
Example:
rommon #2> interface gigabitethernet0/0
rommon #3> address 10.86.118.4
rommon #4> server 10.86.118.21
rommon #5> gateway 10.86.118.21
rommon #6> file asa961-smp-k8.bin
rommon #7> set
ROMMON Variable Settings:
ADDRESS=10.86.118.3
SERVER=10.86.118.21
GATEWAY=10.86.118.21
PORT=GigabitEthernet0/0
VLAN=untagged
IMAGE=asa961-smp-k8.bin
CONFIG=
LINKTIMEOUT=20
PKTTIMEOUT=4
RETRY=20
rommon #8> sync
Updating NVRAM Parameters...
rommon #9: tftpdnld
The ASA image downloads and boots up to the CLI. The set command views the settings. The sync command
saves the configuration for future use. You can also use the ping command to verify connectivity to the server.

Bobby_Meador  ,

Glad the posting helped. 

I don't work for Cisco. However, you can submit feedback on the source document page by clicking the feedback link under "Was this document helpful".

I just did so myself - more inputs get noticed more quickly; so I would encourage you to do the same.

Marvin does this asa961-lfbff-k8.SPA file the boot I'd want to use to work with the SFR module? I thought it would be named different to represent firepower capabilities

Keith the asa961-lfbff-k8.SPA is just the asa ios image. The FirePower services SSD drive requires two other pieces of software to function :

#1 asasfr-5500x-boot-6.2.0-2.img

#2 asasfr-sys-6.2.0-362.pkg

Here you can see an example of me installing the first part of the firepower image


Meador-ASA# sw-module module sfr recover configure image disk0:asasfr-5500x-bo$
Meador-ASA# sw-module module sfr recover boot

Module sfr will be recovered. This may erase all configuration and all data
on that device and attempt to download/install a new image for it. This may take
several minutes.

Recover module sfr? [confirm]

hit enter

Recover issued for module sfr

After this completes you must load the pkg file.

example ---> ftp://admin:vpn123@172.16.10.9/asasfr-sys-6.2.0-362.pkg

Here is a doc on the entire FP process , Good luck and let us know if you need more help!

http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html

Bobby thanks for this nice clear explanation. 

keithcclark71  ,

You will also need licenses for your FirePOWER features. Control (no cost) to start and then Protect (IPS), URL Filtering and/or Malware.

Thanks Marvin I think I'm OK there with procedure. Register FMC license then Pak which will allow me to download and install the .lic according to what features were purchased.

Hello Marvin,

i have used "asa981-lfbff-k8.SPA" for my cisco asa 5506-X. files Get Successfully Copied to asa..and it ask for Configuration of Management ip domin-name, hostname..etc.. i even copied the asa boot file to flash: and saved it. But after Reboot device doesnot boot with new image .. it Prompt following Messages

"File system not supported
Attempt autoboot: "boot disk0:"
File system not supported
boot: cannot determine first file name on device "disk0:"
autoboot: All boot attempts have failed.
autoboot: Restarting the system."

I even changed to boot image source to flash but doednot work ..Request your assistance on this..

 

Thanks in advance...

It's happening again from myself ASA FirePower 5508X device, how can you solving it ? Below console messages continuous trying boot disk0:, just desired it can be normal operation. Please expertise help me to solve it 

 

File system not supported
Attempt autoboot: "boot disk0:"
File system not supported
boot: cannot determine first file name on device "disk0:"
autoboot: All boot attempts have failed.
autoboot: Restarting the system.

Review Cisco Networking for a $25 gift card