This guide steps through the basics of re-imaging the Cisco ASA Content Security and Control (CSC) Security Services Module with the latest image file. This process takes roughly 30 minutes to complete (not including the downloading of the upgrade files from cisco.com) and it leaves the CSC module with a fresh installation of code.
Different upgrade methods
There are two types of upgrade files available for the CSC module: BIN files and PKG files.
BIN files - BIN files are used to re-image the module. The files include the full installation of code present on the module. The BIN files will bring the module to a certain maintenance version such as 6.3.1172.0 or 6.6.1125.0.
PKG files - PKG files contain incremental bug fixes beyond the main release version available in BIN files. For example the csc6.3.1172.4.pkg will bring the module from 6.3.1172.0 up to 6.3.1172.4. PKG files contain just bug fixes and minor changes. You should read the PKG release notes to determine what is the minimum version of code the PKG can be installed on. Some package upgrades have very specific versions that must be installed prior to upgrade, the realease notes will outline that in detail:
This process will bring the CSC module down during the re-image process. If you have your CSC scanning policy configured with 'fail-close'. The traffic matching that policy will be blocked until the re-image process is completed and the module is back on-line. More information about the difference between 'fail-close' and its opposite, 'fail-open', can be found here:
Port IP Address [0.0.0.0]: 192.168.1.250 VLAN ID : Gateway IP Address [0.0.0.0]: ciscoasa(config)#
NOTE: Leave the gateway as 0.0.0.0 if the TFTP and CSC port are on the same Layer-3 subnet. If they are on different subnets, set the gateway to the next-hop router between the subnets.
When you are prepared to start the re-image process, enter the command hw-module module 1 recover boot:
ciscoasa(config)# hw-module module 1 recover boot The module in slot 1 will be recovered. This may erase all configuration and all data on that device and attempt to download a new image for it. Recover module in slot 1? [confirm] ciscoasa(config)# Recover issued for module in slot 1
Issue the command debug module in order to watch the re-image progress:
Hi Guys,I am planning to migrate my old ISE running in my old server to a new ISE 2.7 that will be running in the new SNS server. Both old and new ISE are running in HA.What I planned so far are;1. Configure temp IP address to the ISE 2.7 and form the clu...
Hi All,I am working on Cisco Secure ACS for IOS-XR and I want help from experts out there. I want to globally deny if someone could remove the whole bundle(e.g: no interface Bundle-Ether10) but can do both of the following on the dot interfaces only:a): n...
We have enabled Orbital search feature in Cisco AMP for our workstations in our environment, however after enabing the Orbital features machines have started to download some data over the internet. We would like to know what data it is trying to dow...
Hello We have a requirement to create two VPN Tunnels Site A:Local Subnet : 126.96.36.199/16 : Remote Subnet (DC): 188.8.131.52/8 Site B:Local Subnet : 184.108.40.206/16 : Remote Subnet : 220.127.116.11/16 DC has about 50 sites in that subnet range,&nbs...
Hello, I have an FTD 1140 and I am trying to migrate the config from an ASA 5515. The FTD is managed locally through FDM. There is not an automatic migration process, so I am performing it manually. I am stuck at S2S VPN.&n...