I need to upgrade the compact flash of my ASA 5510 from 256MB to 512MB. A friend's recommendation was to buy a card reader, copy all of the data from the existing card and paste it to the new compact flash. I have a hard time believing that it's that straight forward.
Any safer, more foolproof way of migrating between flash cards?
I am working on a project to migrate a single Checkpoint firewall over to a single ASA 5510, no VPN, just firewall. The checkpoint firewall has 8 physical interface so the ASA 5510 also support physical 8 interfaces so thiw will be a one-to-one swap. At the moment, I don't have an ASA 5510 to test my theory so I am going to throw it out here. The checkpoint firewall is a SPLAT running on an powerfull IBM Server with 8 CPU dual cores with 32GB of RAM and it has 1200 rules with over 120,000 objects with some of the crazy NATs but it works so we will just leave it at that. There are not that much traffics going across the firewall so there are no need to put in an ASA 5585
I use the cisco conversion tool to do the policy conversion from Checkpoint to Cisco, I get about 1.5 million lines in the configuration. A lot of it has to do with Checkpoint having no concept of interface security level while ASA does. I am sure I can optimize it to cut down the number of lines in the configuration; however, that is not my main concern at the moment. The customer goal is that at the time when cutover from Checkpoint to Cisco ASA, they want everything to be perfect, meaning that it will work like magic.
My question is that can the ASA 5510 handle 1.5 million lines of configuration? Are there any limitations on this? I know there are limitations with FWSM but since I don't have an 5510 to test.
In order to do a flash upgrade on a 5510, is there any way to get the files from the existing flash onto the new flash before you replace existing flash? Is there an online procedure?
View 2 Replies View RelatedI deleted the flash from an ASA5510. I was able to tftp a version back into the device, but cannot seem to correctly have the box boot from this flash. I get the following error:
!WARNING: BOOT variable added, but not a valid image disk0: /asa831-k8.bin
*** Output from config line 41,"boot system disk0:/asa83..."
I have tried every save syntax i can think of to save this flash, but have yet to have it boot with an image ( I keep booting into ROMMON and have to tftp the image back in)
My client has had to replace their ASA 5510. Upon importing the image to the brand new ASA they are unable to write to the flash.
They have run fcsk disk0: to no avail. show file system show 0 and 0 for Flash size and Free space on disk0.
Is there anything that can be done, short of formating flash and trying to reinstall the image? I have asked them to reload the ASA but they are reluctant to do so as they don't want the site to lose connectivity.
I was handed a firewall ASA 5520 but without external flash, I want to confirm that the ASA at least boot from rommon mode boot must have the external flash connected? I connected to power and I connect it by the console port it did not show any boot.Additionally I can confirm it is possible that you can connect a flash of a previous ASA model, say a 5510?
View 4 Replies View RelatedIs there a way to load a spare compact flash with a running-config, ASA IOS, & ASDM software via card reader? I need to load another flash card with all of the settings necessary for normal operation. This "spare" card will replace the flash that is currently in use. The reason for the replacement is capacity and because of changes made to the running-config. The "in-use" card is 256MB, the "spare" one is 512MB. Also, the new card will have a few changes made to the running-config, so it will, in essence, be a reload.
I have a card reader for the compact flash cards. If there is a way to load up this new card using the card reader, without monkeying with the firewall, I would prefer that. Like I said in the previous paragraph, this new flash card will replace the other one, once it's ready.
Hardware: ASA 5510
CF: 256MB (wanting to upgrade to the new 512MB card)
ASA IOS: 8.4
I have an 8 port Gigabit EHWIC in my Cisco 1921 router. A darn nice little switch module.
However, through my research, I am unable to find if I am able to change the way the NIC lights (green LEDs) on each port function. They basically just stay lit 100% non flashing when connected regardless of the port speed and duplex and ignore flashing for any activity.
Is there a deep layer command on these EHWIC cards to make them flash with activity like full standalone switches? Trust me when you have enough switch ports filled up it does make monitoring your networks health and activity by having the port led's respond to traffic flow. At least in my opinion.
I just read the Removing and Installing CompactFlash Memory Cards in Cisco 2800 Series Routers instructions and there was nothing said regading powering down the router. Are these CompactFlash cards hot swappable??
View 2 Replies View Relatedwhat's required for the migration from Checkpoint R75-20 Splat install to the Cisco ASA firewall, links to documentation - step-by-step.
View 3 Replies View RelatedI have two router Cisco 887 with vpn site-to-site:
Site A:
crypto isakmp policy 1
encr 3des
authentication pre-share
crypto isakmp key ********* address 85.34.AAA.AAA
!
crypto ipsec transform-set strong esp-3des esp-md5-hmac
[code]....
I want to remove VPN configuration from the router and put VPN Configuration on Cisco ASA 5505.The scheme would be: ASA5505(vpn site-to-site) -> 887 -> INTERNET this for both sites.My problem is that I do not know what ip put on interface Outside of firewall. For example on Site A delete all VPN configuration from 887 and leave only ATM0.1 point-to-point, on intereface Outside of ASA put ip of loopback(of router 887) and as default route 85.34.2.XXX. Right?
We try to migrate two ASA stateful Active / Passive from version 8.0 to 8.4 but many of acl rules and Nat no longer working. We must go through the version 8.2? The release 8.4 changes everything and seems to me not too stable, it'sl best to stay in 8.2 or 8.3 !!!
View 3 Replies View RelatedI have configuration on PIX804 :
On Pix804
interface Ethernet2
nameif ins10
[Code]....
On PIX515T(804) in packet-tracert option no Phase 1 - Route-lookup and both static nat works fine. May I disable on ASA phase route-lookup, that it not send packet on wrong interfaces ?
I need to replace an ASA with an IOS firewall router, and am not sure how to migrate the NAT configuration. Specifically, there is an interface "3rdparty" that has onward connectivity to other private addresses, so our internal addressing is hidden. For some reason there are static NAT rules in different directions across the interface, but at present I cannot see why. Thinking in router terms, all that springs to mind is the inside and outside tags for the interfaces, but also that it might need "overlapping" NAT to be configured.
[code]...
I have a Failover pair of ASA5550's running ASDM 6.2(5) and ASA 8.2(2). Originally they were setup with 2 context's and an admin context but one of the contexts has now been removed. I would like to now migrate to single mode before I go about patching them to the latest software.
View 4 Replies View RelatedI am trying to migrate checkpoint configs to ASA 5585 using SCT tool, this tool asking me to feed it *.W file from checkpoint which is suppose to be a rule definition file on CP, but I cant find it
View 14 Replies View RelatedI have a Fail over pair of ASA5550's running ASDM 6.2(5) and ASA 8.2(2). Originally they were setup with 2 context's and an admin context but one of the contexts has now been removed. I would like to now migrate to single mode before I go about patching them to the latest software.
View 2 Replies View RelatedI have a pair of ASA 5520s in active/standby failover mode, single context. I'll be migrating to multiple context mode later this week. Do I need to break failover first? Or if I don't need to, should I? Or can I do this while maintaining failover? Can either of these scenarios will work (or fail). I'll be remote, doing my work via SSH, but have somebody local who can console in if needed.
Migration option #1
Log into active/primary ASA
Configure Multiple Context mode
Reboot both devices
Login to active/primary ASA
[code]....
We have backup data center where I am now planning to provide backup internet service ( in the case where there is internet down or power outage at main server room) . I have a pair of Cisco ASA's 5540, one of which I need to move to backup data center ( BDC), Presently I have ADSL router at disaster serve room with static public IP from ISP.
Currently, I am publishing all my internal resources through ASA. Now my questions, if I move Standby ASA to Disaster Server Room. How I can publish the same internal resources through standby ASA and make it standby as active during the down time of main server room
Trying to copy the system image file from the sup-bootflash to a new 64MB ATA flash card. Yes the software can support the 64MB card.
The ATA flash card was formated successfully, however I cannot copy the system image to it so that it can boot after a power loss.
The command I tried was: console(enabled) copy sup-bootflash: slot0:
The source filename was typed in as shown in the Show Verison command.The result was: Error opening slot0: no such device.I suspect that I am missing something obvious as I am new to Cisco Switches.
Need this file to erase my flash memory?
View 2 Replies View RelatedWe have a customer that has a ASA 5525-x reporting only 4g flash memory rather than 8g has any 4g version of the 5525 or is the IOS reporting incorrectly the size, as it seems to be embedded on these units as a USB disk internal.
View 4 Replies View RelatedI am in the process of setting up the ASA5520 with the latest 8.4 firmware latest Anyconnect 3.0.
Unfortunately, the internal memory is sufficient enough for the ASA ASDM only. It says not enough memory when I tried to tftp the Anyconnect pkg.There is a external flash slot at the back of the ASA, I've inserted a 256mb CF card but when I do a show disk1: it shows
I just got a brand new ASA 5550, i configured the port g0/0 on asa with an ip address 192.168.10.1 then configure my computer with ip 192.168.10.2 and default gateway is 192.168.10.1. I'm able to ping the asa from my computer. I remote to ASA thru the console port and try to copy iOS from flash to my pc but it doesn't work.
Cisco asa# copy flash tftp://192.168.10.2/asa804-k8.bin
Source file name []? asa804-k8.bin
Address or name of remote host [192.168.10.2]?
Destination file name [asa804-k8.bin]?
Writing file tftp://192.168.10.2/asa804-k8.bin...
!%Error writing tftp://192.168.10.2/asa804-k8.bin (Timed out attempting to connect)
Cisco asa#
I am needing to upgrade the Flash card on our current ASA from 64mb to a 1GB card to make way from upgrading from 8.0 to 8.4. When i copy all the contents from the 64MB card through a card reader i am not getting the startup-config file copied over. I checked to make sure that all hidden files are shown, but i am not seeing it. I backed up the startup-config from the old 64mb card to a tftp server before switching the cards out. Is their something that i am missing?
View 4 Replies View RelatedHow do you save the command output from the CLI to a file on flash?
With IOS, I would normally use a pipe command to redirect to tftp, but the ASA doesn't support this as far as I can tell. As a work around I was thinking I could save the output to flash and then tftp that file off the ASA.
I need to upgrade the ASA 5520 from OS 8.2(5)26 to 8.2(5)33. the ASA only has 64M of flash. I have a 256M flash card. What are the steps to upgrade the flash? I am not sure how it will boot up because the new flash will be blank?
View 2 Replies View RelatedI was trying to erase some bad test configs on my 5505 with a write erase, but all VLAN and Ethernet configs remained. I hastily decided to do an erase flash. No I'm stuck at a ROMMON prompt with no image found to boot I'm hoping I don't have to TFTP a factory image. How do I find the images on disk0 and copy them?
View 16 Replies View RelatedI have two pix525 firewalls cann't boot up normaly and i find [[URL] no longer provides the falsh erase tool ,erasedisk.bin,download.
View 4 Replies View RelatedCurrently my ASA5510 has a 64MB internal flash. Does the ASA require a higher capacity flash for an IOS upgrade from 7.2(x) to 8.2(x)? The Cisco Release Notes does not state any internal flash requirement, but just wanted to double check.
View 2 Replies View RelatedI have pix 535 and wanted to erase the flash files (faulty) which already utilised 13 mb .so i cant upload new ios so i want erasedisk.bin ,i also have CCO account.
View 6 Replies View RelatedI recently upgraded the flash and the RAM on one of my ASA 5505 lab machines. The flash was upgraded from 128 to 512MB and the RAM was also upgraded from 256 to 512MB. I am using asa845-k8.bin. The firewall boots and runs file until you issue the reload command. The system shuts down but never reloads.
View 11 Replies View RelatedI have an ASA 5520, currently running version 7.25-k8. I'm preparing for an upgrade to version 7.25(4), so I transferred the software code (obtained via Cisco download) to the firewall vis SCP. I then issued the "verify flash:asa725-k8.bin" and it fails. It comes back with the error that the CRC did not verify, Data Integrity has been compromised". My first thought was the image did not copy correctly, so I deleted it and transferred it again. I got the same error. Then I decided to run a verify against the actual current code that was running on the firewall, and it came back with the same error. I don't understand what the problem is. I don't tend to think it's an SSH key related problem, as the method I use to access the firewall is via SSH and I have no problems. Worth noting,this firewall is part of an active/standby pair, and I observe the same behavior on the failover unit, it fails to verify.
View 3 Replies View Related