Upgrading ASA or for that matter any device is really a very simple procedure, however sometimes due to some very simple yet difficult to diagnose issues the upgrade process can go for unexpectedly long
This documents hopes to identify some common issues which we encounter when performing upgrades
Copy TFTP flash fails midway through the image load
This happens usually when there is network congestion and packets get lost in between tftp server and asa, also remember tftp is an unreliable protocol which works on udp port 69
Resolution: Connect the tftp server direcly to asa or through a switch
tftp server ----------------switch-----------asa
Also try not to upload image over vpn tunnel using tftp
if the number of hops are more then it is suggested that you use ftp to upload files to flash
we get this error usually if there is something wrong with the flash, probably the flash might be corrupted
Resolution: issue the command "fsck flash:" and/or "format flash:"
while the first one is harmless, be informed that the second command "format flash:" erases the entire flash and this means the image and the startup config, so if you are planning to format the flash make sure that the firewall does not reboot under any circumstance as this will force your firewall into rommon mode when it boots because there will be no image in the flash
so the option that you have here is change the boot system from disk0 to tftp server so that the asa boots from tftp server even if it relaods by chance (due to power outage or something like that), also make sure that you have a back up of your config handy to deal with such situations
In most cases formatting flash should help and you can copy back the images and config files.
If it is a standalone firewall that you have (without failover), it is recommended that you seek advise from TAC before you proceed towards formatting flash
While doing from asdm - Error occurred in performing File Transfer - "Error writing request body to server"
WorkAround: we have seen this error few times when file transfer was tried from asdm, there is no know cause for this but a possible work around is to try using scp or tftp to upload the file and this is known to have worked in most cases.
Unspecified error in tftp –
we get this error mainly due to network related problems, either it could be connectvity issue or could be that there is a firewall blocking the tftp request on the server or a server config issue like server might not be configured to request files or at times i have seen that few servers have trouble transferring large files
Resolution: Check connectivity, disable any firewall/antivirus/hips software on the PC acting as tftp server. Also try to use another tftp server. In my experience tftpd32 has worked for me in almost all scenarios.
The ASA requires one full memory block be available to buffer the entire image before writing it to flash. Probably there is not a block available to accommodate your image . The memory usage is directly related to the features you have enabled on the box, which will load each time the box is loaded.
Resolution: You can reduce your memory usage by disabling features that you are not currently using like threat detection. Upgrading from rommon also helps in such scenario's. Just be aware as to which features you are disabling and make sure you undersatnd the impact that disabling any feature will have on your network
Is there a way to extend logging for radius logs on ISE 2.6? I have tried going to admin -> logging -> log settings and changing the default to 30 days but my live logs for radius do not appear to be using that setting. I also tried pointing ISE to ...
Hello! We have Cisco ASA 5525 in Failover mode (Active/Passive) (SW 184.108.40.206), 4 RDP Servers based on WinServer 2012R2(Serv_Net sec level 50), PCs connected to ASA (PC_Net, sec level 50) and uplink to Corporate Networks (CORP_NET, sec level 0). W...
Does anyone know how can I display the internal ID of the active directory join point?I need for a script (ERS), in the Doc they say: 1. Create a domain join point in ISE. In the "domain" parameter use cisco.com2. Get all defined join points and copy...