04-09-2019 11:58 AM - edited 02-21-2020 09:01 AM
Hello I am needing to upgrade a 5512 to Firepower 6.2.2.x. I am currently stepping up Firepower from several older versions. Currently I have IOS 9.5.2 and attempting to first load Firepower 6.0.0. I have loaded the Firepower Boot img file which seemed to go ok. I can log into the sfr module using "session sfr console" command. I do see it is 6.0.0 from there.
Next I go to "setup" and assign an IP to sfr and the gateway which is one of the interfaces on the ASA.
Next I go to load the pkg file but having an issue there. I am typing in the following:
system install ftp://name:password@IP of FTP server/asasfr.pkg file name
Goes to Verifying for a bit then errors out with the following:
"Upload/download url doesn't have a valid ipv4 address"
I know the ftp server is ok and reachable, that is how I got the .img boot file for sfr onto the ASA.
Any ideas would be welcome.
Thanks.
Solved! Go to Solution.
04-10-2019 08:48 AM
When uploading the boot file to the ASA this would have been done from the ASA software itself.
Are you using the physical management interface for the ASA ? Have you put an IP on it? Within the setup of the initial boot setup of SFR, did you use an address on the same IP range if so? What are you using as the GW?
As Francesco said, there are a few different ways this can be setup so a diagram may help in identifying any problems. The ASA and SFR can share the interface or the SFR can have sole use.
As a test also you can try the following more basic command and see if it then prompts for the username/password.
system install ftp://x.x.x.x/package.pkg
04-11-2019 07:17 PM
04-09-2019 08:28 PM
04-10-2019 08:48 AM
When uploading the boot file to the ASA this would have been done from the ASA software itself.
Are you using the physical management interface for the ASA ? Have you put an IP on it? Within the setup of the initial boot setup of SFR, did you use an address on the same IP range if so? What are you using as the GW?
As Francesco said, there are a few different ways this can be setup so a diagram may help in identifying any problems. The ASA and SFR can share the interface or the SFR can have sole use.
As a test also you can try the following more basic command and see if it then prompts for the username/password.
system install ftp://x.x.x.x/package.pkg
04-10-2019 12:51 PM
Thanks Francesco and Grant. I got a bit busy today so sorry for the delay. I am very new to ASA so here is my current setup:
Pings are good from the sfr module all the way to the L3 switch x.x.10.1 but not to the ftp server (Windows 10 box) on the x.x.30.x network. I know that of course is a problem but when I changed the ftp server computer to an address in the x.x.10.x network I was still unable to do the pkg file.
04-10-2019 02:50 PM
04-10-2019 08:56 PM
04-11-2019 04:35 AM
Hello
Thanks, I will change the port on the switch to an access port later today.
Yes all the default GW's are on the L3 Switch. That includes the .30 subnet/vlan.
No I can't ping the .30 subnet GW. I figure that is a big problem for the ftp of course.
Some other config info is this is an internal lab setup and the ASA is new to the config and not being used as a integral part of the configuration right now. It has just has some basic configuration on it. The whole reason for doing what I am doing right now is to get the Firepower updated from the original sfr version of 5.4 to 6.2.2.x. All those other subnets/vlans (20, 30, 40) are able to do inter-vlan routing through the L3 switch. The .10 subnet is only on the ASA/sfr module and of course a vlan on the L3 switch.
I am also learning as I do this so thanks for the assistance.
04-11-2019 07:17 PM
04-12-2019 04:06 AM
I was told to do that was how to set that GW up. I will change later today and let you know how that goes. Thanks.
04-12-2019 04:07 AM
I was told to do that was how to set that GW up. I will change later today and let you know how that goes. Thanks.
04-12-2019 10:07 AM
BINGO!!
Got it to update. Combanation of changing the GW and when using the "asasfr-boot >system install" command I had been using "asasfr-boot >system install asasfr-boot >system install ftp://x.x.x.x/package.pkg". I changed that to "asasfr-boot >system install ftp://x.x.x.x/package.pkg" and it started the download and install. I have an up sfr module now. Next 3 more updates to get to the current version.
Thanks for the help, very much appreciated.
04-13-2019 06:19 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide