This guide steps through the basics of re-imaging the Cisco ASA Content Security and Control (CSC) Security Services Module with the latest image file. This process takes roughly 30 minutes to complete (not including the downloading of the upgrade files from cisco.com) and it leaves the CSC module with a fresh installation of code.
Different upgrade methods
There are two types of upgrade files available for the CSC module: BIN files and PKG files.
BIN files - BIN files are used to re-image the module. The files include the full installation of code present on the module. The BIN files will bring the module to a certain maintenance version such as 6.3.1172.0 or 6.6.1125.0.
PKG files - PKG files contain incremental bug fixes beyond the main release version available in BIN files. For example, csc6.3.1172.4.pkg will bring the module from 6.3.1172.0 up to 6.3.1172.4. PKG files contain just bug fixes and minor changes. You should read the PKG release notes to determine the minimum version of code on which the PKG can be installed. Some package upgrades require very specific versions to be installed prior to the upgrade; the release notes will outline that in detail:
This process will bring the CSC module down during the re-image process. If you have your CSC scanning policy configured with 'fail-close', the traffic matching that policy will be blocked until the re-image process is completed and the module is back on-line. More information about the difference between 'fail-close' and its opposite, 'fail-open', can be found here:
Port IP Address [0.0.0.0]: 192.168.1.250
VLAN ID :
Gateway IP Address [0.0.0.0]:
ciscoasa(config)#
NOTE: Leave the gateway as 0.0.0.0 if the TFTP and CSC port are on the same Layer-3 subnet. If they are on different subnets, set the gateway to the next-hop router between the subnets.
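A pre-flight check for the two points above (which CSC policies are 'fail-close', and what to enter at the gateway prompt), as an added example that is not part of the original guide or of Cisco's tooling. The sample configuration, the policy and class names, the /24 prefix length and the TFTP and next-hop addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of 'show running-config policy-map' output; the
# policy-map and class names are assumptions made for this example.
SAMPLE_CONFIG = """\
policy-map csc_in_policy
 class csc_http_class
  csc fail-close
 class csc_mail_class
  csc fail-open
policy-map global_policy
 class inspection_default
  inspect dns
"""

def csc_failure_modes(config_text):
    """Return (policy_map, class, mode) for every 'csc' action found."""
    found, policy, cls = [], None, None
    for line in config_text.splitlines():
        words = line.split()
        if len(words) < 2:
            continue
        if words[0] == "policy-map":
            policy, cls = words[-1], None
        elif words[0] == "class":
            cls = words[1]
        elif words[0] == "csc" and words[1] in ("fail-open", "fail-close"):
            found.append((policy, cls, words[1]))
    return found

def blocked_during_reimage(config_text):
    """Classes whose matching traffic is blocked while the module is down."""
    return [(p, c) for p, c, m in csc_failure_modes(config_text) if m == "fail-close"]

def recover_gateway(port_ip, prefix_len, tftp_ip, next_hop=None):
    """Answer for the 'Gateway IP Address' prompt, following the NOTE above."""
    subnet = ipaddress.ip_interface(f"{port_ip}/{prefix_len}").network
    if ipaddress.ip_address(tftp_ip) in subnet:
        return "0.0.0.0"  # same Layer-3 subnet: leave the default
    if next_hop is None or ipaddress.ip_address(next_hop) not in subnet:
        raise ValueError("TFTP server is on another subnet; give a next hop on the port's subnet")
    return next_hop

if __name__ == "__main__":
    for policy, cls in blocked_during_reimage(SAMPLE_CONFIG):
        print(f"{policy}/{cls}: fail-close, traffic blocked until the module is back")
    # 192.168.1.250 is the port IP from the guide; /24 and the TFTP IP are assumed.
    print("Gateway:", recover_gateway("192.168.1.250", 24, "192.168.1.10"))
```
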
When you are prepared to start the re-image process, enter the command hw-module module 1 recover boot:
ciscoasa(config)# hw-module module 1 recover boot
The module in slot 1 will be recovered. This may erase all configuration and all data on that device and attempt to download a new image for it.
Recover module in slot 1? [confirm]
ciscoasa(config)# Recover issued for module in slot 1
Issue the command debug module in order to watch the re-image progress: