ASA issue - RESOLVED!!!! THANKS!!!!!

Bl8ckr0uter

*I have checked Ciscos site and done some googling*

I am working with a brand new Cisco ASA 5540. Cisco sent it to replace our existing backup asas power supply . At any rate it had no OS. So after playing in rommon and I got it to boot from an image off of my machine. The problem is when I reload the damn thing it won't boot off of the OS. So I looked at the config register and noticed it was set to 0x01 (boot off of flash). So I booted I added a boot system line to tell it to boot off of flash (where the image that I loaded it). It failed again. So I TFTP booted and checked the flash:

ciscoasa# dir flash

Directory of disk0:/flash

97     -rwx  2183         09:18:34 Jan 16 2003  flash

255844352 bytes total (216170496 bytes free)
ciscoasa#

WTF? So then I did a dir disk0:

ciscoasa# dir disk0:

Directory of disk0:/

92     -rwx  14137344     05:11:16 Jul 18 2011  asa804-k8.bin
3      drwx  4096         05:16:22 Jul 18 2011  log
6      drwx  4096         05:16:54 Jul 18 2011  crypto_archive
83     -rwx  0            08:00:34 Jan 16 2003  nat_ident_migrate
94     -rwx  1584         07:46:50 Jan 17 2003  8_0_4_0_startup_cfg.sav
13     drwx  4096         08:00:34 Jan 16 2003  coredumpinfo
95     -rwx  1138         08:00:34 Jan 16 2003  upgrade_startup_errors_200301160800.log
96     -rwx  1138         08:18:16 Jan 16 2003  upgrade_startup_errors_200301160818.log
97     -rwx  2183         09:18:34 Jan 16 2003  flash
98     -rwx  1138         07:46:50 Jan 17 2003  upgrade_startup_errors_200301170746.log

So as you can see the image is there. So I issue boot system disk0:/asa804-k8.bin thinking that will solve the issue. I did a copy run start and reloaded. It failed to boot again (just goes through the motions and then asks if I want to hit esc or spacebar. I waited for 30 minutes and it just cycles through the same thing). It is very annoying.
Mind you that disk0 is the on board built in internal flash, not a card (which I tried as well and it failed). I am not sure what I am doing wrong here. It should be pretty easy to do right?

I also tried to do copy file from disk0 to flash:

ciscoasa# copy disk0: flash:

Source filename []? asa804-k8.bin

Destination filename [asa804-k8.bin]?

%Error copying disk0:/asa804-k8.bin (destination path is identical)
ciscoasa# copy disk0: flash

Source filename []? asa804-k8.bin

Destination filename [asa804-k8.bin]?

%Error copying disk0:/asa804-k8.bin (destination path is identical)
ciscoasa# copy disk0: disk0:\flash

Source filename []? asa804-k8.bin

Destination filename [\flash]? asa804-k8.bin

%Error copying disk0:/asa804-k8.bin (destination path is identical)

HALP!!!

ColbyG

I'm a little confused, but it looks like there's a folder on disk0 named "flash". Disk0 is where you want to put stuff, but in the confusion, it looks like you made that folder and then a file in it named "flash". Just use the boot statement with disk0:[image]. The ASA should change "flash" to disk0 in the boot statement though, so I'm not sure exactly what's going on... unless it's trying to boot the file "flash". I'd delete the random folders and all that to prevent more confusion.

Edit: I missed part of your post. Go back to the boot statement with disk0 and do a sh boot and sh run | i boot, and make sure your stuff is there.

Bl8ckr0uter

Ok. When I get back in I will delete flash (the folder). The I will run the command you mentioned. Then I'll just move the file to where ever the sho run produces. I'll let you know.

Bl8ckr0uter

Ok so here is what I did:

255844352 bytes total (241332224 bytes free)
ciscoasa# del flash

Delete filename [flash]?

Delete disk0:/flash? [confirm]

ciscoasa# sh flash
--#--  --length--  -----date/time------  path
   90  14137344    Jul 18 2011 05:11:16  asa804-k8.bin
    3  4096        Jul 18 2011 05:16:22  log
    6  4096        Jul 18 2011 05:16:54  crypto_archive
   82  0           Jan 16 2003 08:00:34  nat_ident_migrate
   92  1584        Jan 17 2003 07:46:50  8_0_4_0_startup_cfg.sav
   13  4096        Jan 16 2003 08:00:34  coredumpinfo
   14  59          Jan 16 2003 08:00:34  coredumpinfo/coredump.cfg
   93  1138        Jan 16 2003 08:00:34  upgrade_startup_errors_200301160800.log
   94  1138        Jan 16 2003 08:18:16  upgrade_startup_errors_200301160818.log
   96  1138        Jan 17 2003 07:46:50  upgrade_startup_errors_200301170746.log

255844352 bytes total (241336320 bytes free)
ciscoasa# sh run | i boot
boot system disk0:/asa804-k8.bin
ciscoasa#

So I am going to try to boot again. EDIT: Still looping:

CISCO SYSTEMS
Embedded BIOS Version 1.0(11)2 01/25/06 13:21:26.17

Low Memory: 631 KB
High Memory: 3072 MB
PCI Device Table.
Bus Dev Func VendID DevID Class              Irq
 00  00  00   8086   2578  Host Bridge
 00  01  00   8086   2579  PCI-to-PCI Bridge
 00  03  00   8086   257B  PCI-to-PCI Bridge
 00  1C  00   8086   25AE  PCI-to-PCI Bridge
 00  1D  00   8086   25A9  Serial Bus         11
 00  1D  01   8086   25AA  Serial Bus         10
 00  1D  04   8086   25AB  System
 00  1D  05   8086   25AC  IRQ Controller
 00  1D  07   8086   25AD  Serial Bus         9
 00  1E  00   8086   244E  PCI-to-PCI Bridge
 00  1F  00   8086   25A1  ISA Bridge
 00  1F  02   8086   25A3  IDE Controller     11
 00  1F  03   8086   25A4  Serial Bus         5
 00  1F  05   8086   25A6  Audio              5
 02  01  00   8086   1075  Ethernet           11
 03  01  00   177D   0003  Encrypt/Decrypt    9
 03  02  00   8086   1079  Ethernet           9
 03  02  01   8086   1079  Ethernet           9
 03  03  00   8086   1079  Ethernet           9
 03  03  01   8086   1079  Ethernet           9
 04  02  00   8086   1209  Ethernet           11
 04  03  00   8086   1209  Ethernet           5

Evaluating BIOS Options ...
Launch BIOS Extension to setup ROMMON

Cisco Systems ROMMON Version (1.0(11)2) #0: Thu Jan 26 10:43:08 PST 2006

Platform ASA5540

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.

Thoughts? What I am going to try is booting from TFTP again and checking the confreg register when I get in but 0x01 should boot from flash right?

ColbyG

Mine are set to 0x1. Not sure, but maybe that extra zero is your issue.

Bl8ckr0uter

I mistyped it was 0x1

I wonder if I could copy the file to my external flash and tell it to boot from there. Do you know if I would have to change the configuration register if I just change the boot system command?

ColbyG

You shouldn't have to. Let's go through some commands.

sh boot
sh ver
cd (then dir)

Post those, if you don't mind. Strip serials or whatever.

Bl8ckr0uter

Ok:

ciscoasa# sh boot

BOOT variable = disk0:/asa804-k8.bin
Current BOOT variable = disk1:/asa842-k8.bin
CONFIG_FILE variable =
Current CONFIG_FILE variable =
ciscoasa#

I just switched the boot system to using disk1. 5 minutes ago (when it didn't work) it matched the line above it.

ciscoasa# sh ver

Cisco Adaptive Security Appliance Software Version 8.4(2)

Compiled on Wed 15-Jun-11 18:17 by builders
System image file is "tftp://70.61.130.60/asa842-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 15 mins 46 secs

Hardware:   ASA5540, 3072 MB RAM, CPU Pentium 4 2000 MHz
Internal ATA Compact Flash, 256MB
Slot 1: ATA Compact Flash, 64MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode        : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode     : CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode       : CNlite-MC-IPSECm-MAIN-2.06
                             Number of accelerators: 1

 0: Ext: GigabitEthernet0/0  : address is 0021.a025.08b2, irq 9
 1: Ext: GigabitEthernet0/1  : address is 0021.a025.08b3, irq 9
 2: Ext: GigabitEthernet0/2  : address is 0021.a025.08b4, irq 9
 3: Ext: GigabitEthernet0/3  : address is 0021.a025.08b5, irq 9
 4: Ext: Management0/0       : address is 0021.a025.08b6, irq 11
 5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11
 6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 200            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Disabled       perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 5000           perpetual
Total VPN Peers                   : 5000           perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

This platform has an ASA 5540 VPN Premium license.

Serial Number: XXXXXXXXXX
Running Permanent Activation Key: 0xf81c6c5b 0x3c284e14 0x24301904 0x94384018 0x83321695
Configuration register is 0x1
Configuration last modified by enable_15 at 01:20:11.659 UTC Sat Jan 18 2003

ciscoasa#   sh flash
--#--  --length--  -----date/time------  path
   88  14137344    Jul 18 2011 05:11:16  asa804-k8.bin
    3  4096        Jul 18 2011 05:16:22  log
    6  4096        Jul 18 2011 05:16:54  crypto_archive
   81  0           Jan 16 2003 08:00:34  nat_ident_migrate
   90  1584        Jan 17 2003 07:46:50  8_0_4_0_startup_cfg.sav
   13  4096        Jan 16 2003 08:00:34  coredumpinfo
   14  59          Jan 16 2003 08:00:34  coredumpinfo/coredump.cfg
   91  1138        Jan 16 2003 08:00:34  upgrade_startup_errors_200301160800.log
   92  1138        Jan 16 2003 08:18:16  upgrade_startup_errors_200301160818.log
   93  1138        Jan 17 2003 07:46:50  upgrade_startup_errors_200301170746.log

255844352 bytes total (241336320 bytes free)
ciscoasa# sh disk0
--#--  --length--  -----date/time------  path
   88  14137344    Jul 18 2011 05:11:16  asa804-k8.bin
    3  4096        Jul 18 2011 05:16:22  log
    6  4096        Jul 18 2011 05:16:54  crypto_archive
   81  0           Jan 16 2003 08:00:34  nat_ident_migrate
   90  1584        Jan 17 2003 07:46:50  8_0_4_0_startup_cfg.sav
   13  4096        Jan 16 2003 08:00:34  coredumpinfo
   14  59          Jan 16 2003 08:00:34  coredumpinfo/coredump.cfg
   91  1138        Jan 16 2003 08:00:34  upgrade_startup_errors_200301160800.log
   92  1138        Jan 16 2003 08:18:16  upgrade_startup_errors_200301160818.log
   93  1138        Jan 17 2003 07:46:50  upgrade_startup_errors_200301170746.log

255844352 bytes total (241336320 bytes free)
ciscoasa# sh disk1
--#--  --length--  -----date/time------  path
   96  25159680    Jan 18 2003 01:14:50  asa842-k8.bin

ColbyG

So how does it currently look? At the moment, you have two boot statements? If you remove all of the boot statements, it still doesn't boot?

Bl8ckr0uter

I only have one defined that I know of:

hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name XXXXXX XX
!
interface GigabitEthernet0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 nameif XXXXXX
 security-level 0
 ip address XX 255.255.255.240
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
![B]
boot system disk1:/asa842-k8.bin[/B]
ftp mode passive

I noticed that as well. I tried to do something like boot var? but that isn't a command. I didn't think about removing all of the boot statements. Let me try that.

You are the network ninjaneer man!!!!!!

AWESOME!!!!

Ok the boot statements were broken and it was looking for an ASA bin file that didn't exist. Since I never had 804 on there, it must have come like this from Cisco . Well, that was fun, it almost makes me want to do an ASA cert lol.

ColbyG

Good times, glad it's working. I was getting annoyed, lol.

Bl8ckr0uter

ColbyG wrote: »

Good times, glad it's working. I was getting annoyed, lol.

Lol who are you telling. The odd thing about it is that
A: I didn't put that there
B: No only did I not put that there, the ASA should have never had a boot variable since it shipped with no OS
C: Adding a boot system didn't over right it until everything was removed
It doesn't failover to it once it can't find a bin file.

Just things for me to keep in mind. Fun times with my first ASA.

Panzer919

Bl8ckr0uter wrote: »

Lol who are you telling. The odd thing about it is that
A: I didn't put that there
B: No only did I not put that there, the ASA should have never had a boot variable since it shipped with no OS
C: Adding a boot system didn't over right it until everything was removed
It doesn't failover to it once it can't find a bin file.

Just things for me to keep in mind. Fun times with my first ASA.

I can't speak for anyone else here but I never trust any configuration a device was shipped with. Too many times I've booted a router and cant login because of something stupid. So then I get to spend the next 10 minutes breaking into it and going that route, simple but frustrating. Because of that every device I get, gets the latest stable image and an erase start reload. Less probability of running into problems I've found.

and I'm totally stealing this - network ninjaneer