Cisco Firewall :: 5520 - Upgrade From 8.3.1 To 8.3.2 / Unable To Copy Via TFTP
Aug 16, 2011
I was trying to upgrade from 8.3.1 to 8.3.2. but I am unable to copy via tftp to the ASA flash or disk0:
ASA5520# copy tftp: flash:
Address or name of remote host []? 10.88.127.153
Source filename []? asa831-k8.bin
Destination filename [asa831-k8.bin]?
[code]....
Half way thru writing to the disk, it goes for a reboot. There is more than enought space on the disk0. I tried copying via a Compact Flash, but the ASA is not detecting the Compact Flash (which I thinks should be disk1). I tried copying a asdm file, even that also went for a reboot.I am stuck now, unable to upgrade
t#copy flash: tftp: Source filename []? c2960-lanbasek9-mz.122-44.SE6 Address or name of remote host []? 10.23.120.15 Destination file name [c2960-lanbasek9-mz.122-44.SE6]? %Error reading flash:c2960-lanbasek9-mz.122-44.SE6(Is a directory)
sh flash:
Directory of flash:/
2 -rwx 1919 Mar 1 1993 10:27:17 +05:30 private-config.text 3 -rwx 11056 Mar 1 1993 10:27:17 +05:30 config.text 4 -rwx 804 Mar 1 1993 05:30:42 +05:30 vlan.dat 6 -rwx 2072 Mar 1 1993 10:27:17 +05:30 multiple-fs 7 drwx 192 Mar 1 1993 05:37:02 +05:30 c2960-lanbasek9-mz.122-44. SE6
I am using TFTPD32 to upgrade the IOS on a router. When I type in the commands copy tftp flash and enter all the necessary information, the router sits for a minute or so and then times out. There is no entry made in the log when it times out. copy flash tftp yields the same result. The fa 0/0 interface and the TFTP server are both on the same subnet and can successfully ping one anothe
I have seen similar questions but with not a lot of answers for the ASA platform. As the title states, What procedures can I use to copy a pre-existing configured CISCO ASA 5520 to a brand new CISCO ASA 5520. I have found a URL that seems to answer some questions but not all. [URL]
The URL talks more about the PIX's than the ASA
Is there any documentation or shorter procedures for product specific on the 5520?
I made an ASDM upgrade for one of my two CISCO ASA 5520. If I copy a file to the primary ASA's flash, is there any command I can run on the primary ASA to copy a file to the secondary ASA?
I have a really stupid problem with my RV042. The main logon password has expired but it will not let me change it at all. Basically I try to login but get the error 'The old password has expired. Please change the password'. But with no prompt at all for a new password and just a return to the login page. Tried various different browsers, tried the old default password but nothing will work. There seems to be no way of changing it and I cannot login.Am I missing something glaringly obvious? I really don't want to reset it to default as I have numerous VPN tunnels configured and various other settings.
I have a 3550 switch that I am trying to upgrade the IOS on.I am trying to copy to a TFTP server.I am receiving a socket error.I saw that this can be fixed with
Switch#config t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#no service config Switch(config)#exit Switch# 00:13:47: %SYS-5-CONFIG_I: Configured from console by console Switch#reload
I have done this 3 times to no avail.My TFTPd32 server on my pc is working fine.Here is the error
Switch#sh flas Directory of flash:/ 2 -rwx 556 Mar 1 1993 00:33:53 +00:00 vlan.dat 4 -rwx 3775 Mar 1 1993 00:37:54 +00:00 config.text 5 -rwx 24 Mar 1 1993 00:37:54 +00:00 private-config.text 6 -rwx 5687963 Mar 16 2007 01:05:23 +00:00 c3550-ipbasek9-mz.122-25.SEB4.bin 8 drwx 192 Mar 1 1993 00:04:40 +00:00 c3550-i9q3l2-mz.121-22.EA1a
I have a 2801 running c2801-spservicesk9-mz.124-3g.bin According to the Cisco IOS MIB locator the image supports OLD-CISCO-SYSTEM-MIB I have tried .1.3.6.1.4.1.9.2.1.55 etc to set server IP address and the filename string but without any luck.e.g.
Reason: (noSuchName) There is no such variable name in this MIB. Failed object: iso.3.6.1.4.1.9.2.1.55.a.b.c.d (where a.b.c.d is the server IP)
I have also tried the method similar to that for Cat 3550 switches where you create a table of entries to define the transfer paramaters then activate the transfer (I think the CISCO-CONFIG-COPY-MIB)
Clean up at the end - destroy .14 with the value of 6.
example output : - -- earlier output omitted -- Error in packet. Reason: (noSuchName) There is no such variable name in this MIB. Failed object: iso.3.6.1.4.1.9.9.96.1.1.1.1.4.111 Error in packet.
I am using multiple cisco 2811, 3745 routers and 2950,3550 switches if I need to copy running configuration I have to go to each device and say copy run tftp: <address> Is here any way that automatically by schedule one a week or a month configuration copy from all devices to tftp server?
I have a cisco 3750 swicth which i want to load a new ios to but unfortunately there's no enough space on the flash. This means that i need to backup the cureent (old) ios to my tftp server but the command keeps failing. It always gives 'No such file or directory' error .The free space on the flash is 8mb and my new ios is about 11mb.I also went inside the directory where the old is and inputed the same copy command but to no avail.Below are some of the command failure on the swicth:
I recently posted this same issue the other day, using TFTPd32. Now i am pretty close to fixing it. I do have a different setup; my pc ethernet port is broken so I am using an ethernet/usb adapter. I am attempting to backup my IOS from a 3550 switch to my PC.
I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.
We wish to upgrade 8.2(3) to 8.2(5) on our asa 5520 and 5510. I have been looking for Cisco guides for installation instructions but havent been able to track any. or is it just as striaght forward as copy image, reboot secondary and the primary
I have a 2 ASA 5520 firewalls for high availability and need to upgrade IOS from 7.2(4) to 8.2 or latest. What could be the better way and upgrade procedure. Below is show version details and IOS upgrade to latest.
Cisco Adaptive Security Appliance Software Version 7.2(4)Device Manager Version 5.2(4) Compiled on Sun 06-Apr-08 13:39 by buildersSystem image file is "disk0:/asa724-k8.bin"Config file at boot was "startup-config"
IGN-ASA-1 up 45 days 17 hoursfailover cluster up 45 days 17 hours Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHzInternal ATA Compact Flash, 256MBSlot 1: ATA Compact Flash, 512MBBIOS Flash M50FW080 @ 0xffe00000, 1024KB
We have 2 ASA 5520s in active/standy. We run IOS 8.2(5)24 and I wondered if I need to upgrade as I see the versions have gone to 8.4 and beyond! We are not getting any issues and I'm aware of the difficult migration from 8.2 to 8.4 etc due to the NAT change.
I have a couple of ASA5520 and ASA5550, and I wanted to know if it is worth it to upgrade the software from 8.2(4) to 8.2(5)? Because of the RAM I cannot upgrade to 8.3 for now.
We are currently on 8.0(4) and planning on upgrading our failover pair to 8.4.2, I read some documents saying that we can perform a zero downtime upgrade.
According the below documents Version 8.2 supports mismatch memory failover, [URL]
Upgrade Path:
Active Firewall: Standby Firewall: 8.0(4) 8.0(4)-->8.2.2 8.0(4) Upgrade RAM-2G---Reload faiover to standby 8.2.2 8.0(4)--->8.2.2 8.2.2
[code]...
Can I perform zero downtime upgrade with the above upgrade path? Will both the firewalls act as a failover pair if one is on 8.2.2 and other is on 8.4.2.
"Performing Zero Downtime Upgrades for Failover Pairs
The two units in a failover configuration should have the same major (first number) and minor (second number) software version. However, you do not need to maintain version parity on the units during the upgrade process; you can have different versions on the software running on each unit and still maintain failover support." [URL]
I upgraded a pair of ASA 5520s from ASA 8.3 to ASA 8.4(4) this week and now my DMZ hosts cannot reliably communicate with eachother. I have a DMZ network of 10.20.20.16/28 configured. 10.20.20.17 is the ASA/Gateway and 10.20.20.19 is one host and 10.20.20.20 is another host. These two hosts had no problem communicating with eachother before the upgrade. Now, they usually cannot communicate with eachother. Occasionally they can communicate, but only for a few minutes. What is strange is I never had any access lists for these hosts to talk with eachother before the upgrade (because their traffic to eachother should have never reached the firewall) but now I needed to create an access list on the DMZ interface allowing these two hosts to talk. ICMP works fine, but only if the ACL is in place. TCP rarely works.
I need to upgrade the ASA 5520 from OS 8.2(5)26 to 8.2(5)33. the ASA only has 64M of flash. I have a 256M flash card. What are the steps to upgrade the flash? I am not sure how it will boot up because the new flash will be blank?
I have been asked to look at upgrading two 5520 ASA configured in a HA pair Active/Standby, from version 7.2(4) to version 8.3(1) to bring it in line with some other ASA firewalls in the organisation.
My question is can I simply upgrade straight from 7.2(4) to 8.3(1) or will I have to step the upgrade from 7.2(4) => 8.2(x) => 8.3(1)
Having read a few articles on the forums and the release notes I think I should be able to go from 7.2(4) => 8.3(1) .
The second part of my query is around the upgrade itself, having researched this a little there seems to be various views on how to go about upgrading a HA pair and I cannot find anything specific on the website.
The approach I am thinking of is simply as follows;
- upload images onto both firewalls in the HA pair - On the standby from the CLI clear configure boot
last night we tried to upgrade our cluster (2x ASA5520) from 8.0(4) to 8.2(3) and failed miserably.
1. Both units got the new image, but when we reloaded the secondary unit then we got the following strange message:
"Mate's license (10GE I/O Enabled) is not compatible with my license (10GE I/O Disabled). Fail over will be disabled."
After this message fail over was not there anymore and both units became active (!!!) which killed everything. Of course ASA5520 doesn't have 10GE and we have exactly the same units. What could be the problem here? Currently we run with a single unit with 8.2(3) and the secondary unit is switched off.
2. After the upgrade we cannot connect with multiple VPN sessions from the same client, this gets logged:
"Multiple sessions per tunnel are not supported"
This was working just fine with 8.0(4) and doesn't work with 8.2(3). Do we have to update something in the config or what is causing this? If you ask why we went with 8.2(3) instead of 8.2(5) then the answer is because we were testing that for several month in our secondary data center, but unfortunately only on a single ASA and not on a cluster. We couldn't go higher due to the 512MB RAM we have in all units. And we had to upgrade, because we had crashes with 8.0(4) which was working fine for a long-long time.
I need to upgrade the flash memory of the ASA 5520 from 256Mb to 512Mb. As far as I realized the built-in flash memory called system compact flash and there is also an empty slot which it is possible to install a user flash.
What is the difference between user and system compact flash? and for upgrade can I just insert the user compact flash or do I need to upgrade the system compact flash? Where can I find the part number for each type?
I have two Routers (C1812 & C1841) each having different version of IOS images. I was wondering if its possible to copy IOS image from flash of one Router and use it to upgrade another.
As part of our PCI compliance, we were required to add a line to all of our ACLs in our ASA 5520 running version 8.2(3). Though there is an implicit deny all, we had to add a line to deny from any source to any destination.We had no problems in adding the additional deny all statements except for our NAT access-list. This NAT access list is used for our internet connection.Currently, the NAT ACL has 4 entries to permit from a specified source to destination any. This ACL is then called on our NAT statement.nat (inside) 1 access-list NAT,Also, note that NAT control is in place and we also have NAT zero statements for our VPN connections.So to fulfill our requirements, we just had to add another line to our ACL entries. But we encountered an issue with our NAT acl.
5508 controller is at the headquarters which can be normally pinged, telnetted, http'd and tftp'ed....at the remote site, controller can be pinged and http'ed but cannot be telnetted and tftp'ed.there is a complete tracert from the remote site pc all the way to the controller.from a switch at a remote site, the controller can be telnetted. but from a pc on the remote site (which belongs to a remote site vlan), it is unable to telnet and tftp the controller.all active components can be telnetted from the remote site, such as the core switches and routers at the headquearters, except the controller.upgraded the controller code to 7.2.xxx in headquarters but still unable to telnet and tftp the controller from remote site.is there any more settings on the controller for telnet and tftp?what could be the problem why the controller is not available for telnet and tftp from the remote site?
I re-installed Windows XP on a dual boot with Windows 7 but I have no access to the Internet.There is no problem with Windows 7. I have Wi-Fi with an ethernet connection.What am I missing? Without Internet access I am unable to activate my copy of Windows XP
I'm trying to upgrade my 2950G-24-EI via tftp but it looks like the sw can't transfer any of the files completely or with errors. I downloaded the BIN+TAR files from Cisco (and from another site) matching my Catalyst and opened an TFTP server on my PC. The files are :
