Cisco Firewall :: ASA 5520 Hangs During Boot Process
May 8, 2011
I have a problem getting my ASA 5520 to boot properly. I first thought of a flash problem and did a flash erase in ROMMON, then it brought error 15 during boot (No images found in / Error 15: File not found). I then TFTPed an image from ROMMON; when done loading the image and starting to boot, the system hangs and nothing else. Attached is the screen I got on my console during boot up. BTW, the system was in the same state before I undertook any of the above actions. I don't have a service contract, so I can't contact TAC.
Sep 8, 2011
When I use ASDM or the CLI to copy (ftp) files from my management station to flash on my ASA5520, I get to 99% and then the GUI or CLI window hangs.
The ASA itself completely freezes, i.e. no traffic in or out until I kill the transfer window, and then it may reboot.
[and yes, there is more than enough free space on the flash file system for the files]
ASA5520 V8.2(3) / ASDM V6.4(5)
May 9, 2012
Today I installed a new SSL certificate for the management website. After the install the management process continues to hang in initializing.
I can stop the process and start the process again but it never gets past initializing.
Jul 16, 2009
I have an issue with a Cisco ASA 5520. The summary is below!
Packet # 1 on inside capture the Call-ID was: Call-ID: 2a54f680-a5d1de2a-160c-164070a@10.7.100.1
Packet # 1 on outside interface the Call-ID was: Call-ID: 2a54f680-a5d1de2a-160c-164070a@149.5.33.44 --- this is because of the inspection.
Packet # 2 on outside capture the Call-ID was: Call-ID: 2a54f680-a5d1de2a-160c-164070a@149.5.33.44
Packet # 2 on inside capture the Call-ID stays: Call-ID: 2a54f680-a5d1de2a-160c-164070a@149.5.33.44 --- this is the problem.
(This is supposed to be Call-ID: 2a54f680-a5d1de2a-160c-164070a@10.7.100.1.) The inspection should change the Call-ID for the incoming packet as it did with the outgoing packet. Whenever the CM receives the trying message with a different Call-ID, it considers it a new session and keeps sending invitation messages to the SIP provider. NAT is enabled.
May 16, 2011
My 851W will not complete the boot up process, here is the output during bootup:
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T14, RELEASE SOFTWARE (fc2)
Technical Support: [URL]
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Wed 18-Aug-10 02:37 by prod_rel_team
Image text-base: 0x8002007C, data-base: 0x814ECE54
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
Mar 19, 2013
document which explains normal booting sequence in a 6500 Switch running IOS. What I am looking for is in which order the image is loaded in SUP, RP, SP etc.
May 2, 2013
why my AIR-AP1262N-A-K9 will not boot all the way. It will get all the way to initiating the interfaces and stop. I can never get to controlling the CLI. This is my first time with a Cisco AP but from everything that I read it seemed very easy.
This unit from what I understand will work all on its own with no controller. Hence it is called a "standalone" model. Yet it seems to be looking for something to finish during the boot. Below is the output during boot. The last line is where it stops.
WRDTR,CLKTR: 0x8200083f 0x40000000
RQDC ,RFDC : 0x80000033 0x00000212
using eeprom values
WRDTR,CLKTR: 0x8200083f 0x40000000
RQDC ,RFDC : 0x80000033 0x00000212
[Code]......
Mar 15, 2012
According to the documentation, I'm supposed to be hitting the Esc key when I see the Loading "flash:/[imagename]" ####### ... line, but this doesn't seem to be working. I've tried hitting the Esc key a lot during those lines, holding it down, hitting it early, hitting it late, hitting it in the middle, and still no joy.
I'm trying to break into a handful of malfunctioning 1242AG APs to see if I can get them working, or if they're faulting hardware that's beyond repair. (So far they're all coming back with: no "IP_ADDR" variable set, so how to set that without breaking out of the boot cycle).
Jul 31, 2011
I have multiple site-to-site VPNs using ASAs 5510 and 5520. The tunnels were configured 3-4 years ago, and all these 3-4 years one VPN tunnel hangs until I clear isakmp sa peer. When I say hangs, I mean I can see the tunnel is UP and MM_ACTIVE with sh crypto isakmp sa, but I cannot ping the remote subnets. When I clear the tunnel, it comes up again and communication is successful.
Oct 9, 2012
I have two core switches - 4506E, and I noticed there are frequent CPU spikes on both of the core switches. As it spikes intermittently, I wasn't able to analyze the issue. I need inputs on the following:
1) Are there any free CPU process monitoring tools to identify which process is spiking?
2) Troubleshooting techniques to identify the issue.
Aug 15, 2011
I'm facing an issue with the Cisco CSC module installed on an ASA 5510. It hangs up and doesn't work sometimes, so it is bypassing all the traffic without inspection through the CSC module. After restarting the ASA 5510 box, it works fine as it used to work. Now, my question is how can I refresh the module again without interrupting the ASA box, and how can I avoid this problem forever? Because I can't interrupt the daily work due to this module problem by restarting the box again and again.
Apr 24, 2012
The inside interface on our primary ASA seemed to "hang". It dropped all the packets it received. Because the interface didn't go down, failover didn't happen. Device's info:
-Cisco Adaptive Security Appliance Software Version 8.2(3)
-Device Manager Version 6.3(3)
-Hardware: ASA5550, 4096 MB RAM, CPU Pentium 4 3000 MHz
-Internal ATA Compact Flash, 256MB
-BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
I attached a capture picture that shows that traffic didn't go through the roof when the issue happened. Why would the interface "freeze" randomly?
Feb 4, 2010
When I try to boot my ASA5550 it hangs at "booting system please wait". I have tried resetting the ASA but this doesn't work. What to try, as I cannot get to the ROMMON.
Jun 16, 2011
I've a Cisco 5550 which hangs on powering up and stays at " Booting System, please wait..." forever and it has a flashing green Status LED.
The steps I've taken so far are:
1. Consoled with a different computer and tried to send the break signals (didn't work)
2. Opened up the unit, tried removing the RAMs and reseated them again.
3. Taken out the CMOS battery on the board and replaced it with a new one (no luck still)
What is the next step, or shall I assume that the unit is dead?
Jul 25, 2012
I have a repeating 2901 router failure when people attempt to download the Apple Mac OS X Mountain Lion upgrade from the App Store.
The 2901 just hangs following getting a series of ZBFW packet drop failures:
001928: Jul 26 22:37:18.783 UTC: %APPFW-4-HTTP_PROTOCOL_VIOLATION: HTTP protocol violation (0) detected - session 192.168.223.109:49310 184.25.254.67:80 on zone-pair ZP-PRIVATE-OUT class ccp-protocol-http appl-class ccp-http-blockparam
[Code].....
Mar 19, 2013
I'm currently working on setting up 2 ASA 5510's with redundancy/failover. I'm not an expert when it comes to the ASA's so I'm not 100% sure if I can do what I need to. I have 2 inside networks that need to remain separate, a DMZ network, and an outside network. Since each network connects via Ethernet to one of the 4 Ethernet ports on the ASA 5510's, all 4 Ethernet ports on the ASA 5510 will be in use. If I wanted to set up one firewall as Active and the other as Standby, how would I go about doing that? Do I need a direct Ethernet connection between the 2 firewalls to use something such as HSRP? Or would the Standby firewall be able to tell if the Active firewall is OK since they would both be connected on each of their interfaces to the same networks?
May 9, 2011
I'm having an issue with a WS-SVC-FWM-1-K9.
The card doesn't boot properly, it tries to boot, but after a while the 6500 puts it in shutdown.
I've noticed that it has 2 RJ45 ports on the board. I've plugged in my console cable, but I only get characters with the default serial configuration.
Any information about the port configurations? Is the port "PC Console" the correct one?
Jul 29, 2010
My ASA5505 does not boot up. I uploaded the IOS from ROMMON mode with tftp and tftpdnld. It uploaded successfully; after reboot it stopped at the Cisco logo sign.
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
I deleted the old IOS and uploaded a new one, but it looks the same.
Feb 22, 2012
how to upgrade a Cisco Pix 525 boot rom from 4.0 to 4.3. Is it a physical chip or software upgrade? Is it needed to upgrade to latest IOS on Cisco Pix 525 to 8.0. Where can I find more information on it?
Apr 10, 2013
I have a Cisco ASA 5510 with a strange issue. When I power it ON, the following is the status of the front panel LED:
Power is OFF
Status is Amber
Active is Amber
VPN is Green
Flash is OFF
Also nothing comes up on the console. I suspected a power supply issue and replaced it, but still it doesn't seem to work. I can't open up a TAC as I do not have a Smart Net contract.
Sep 24, 2007
When I power on our ASA 5510 it just hangs on "Launching BootLoader...".
I've managed to get into ROMMON before it attempts to launch the bootloader and tried to restore an ASA image but it said disk0: failed to mount. I've copied the console output but am not sure if it is useful to diagnose the problem or not (and is quite long).
Dec 20, 2012
I have a 7604 router with an FWSM module in module 3. First of all, the FWSM CF has been damaged, not physically. I bought the same new compact flash (size, part number, etc.). Downloaded the software 3.2 for FWSM, and ASDM from the Cisco website. I realized that the procedure of creating a new CF for FWSM is quite difficult: creating 1-5 partitions, where 1 is MP, and the 4th is the application partition. According to Cisco documentation, the default boot partition is the 4th, so I partitioned the CF from the 7604 into 4 partitions (partition disk1: <1-4> maximum) and copied the software and ASDM to the 4th partition (disk1:3:). Removed the CF from the router and put it into the FWSM module.
May 1, 2011
I have an ASA 5505 that I was updating from firmware 8.04 to 8.41. Anyway, I went through the update procedure half-asleep and accidentally deleted the boot image right after I installed it (I used the CLI and put in the command del asa8*.bin then just hit enter a bunch of times, which of course means I deleted the old firmware too).
So now whenever I power up the ASA, I get the "Could not find boot file" error. Is there a guide somewhere that tells me how I can upload another boot image to the ASA and set the ASA to boot it from the ROMMON prompt?
Nov 2, 2012
We were using ASA-5520-K9 with ASA-SSM-AIP-20-K9 but recently found some hardware problem in our running ASA. Now Cisco wants to replace it with ASA-5520-K8.
Feb 27, 2013
I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL]).
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard stateful inspection.
May 5, 2013
I have an ASA 5520. How would I configure my dedicated management interface to be able to route off subnet while the firewall is in transparent mode?
Jul 26, 2012
We are using the newest release of AD Agent (1.0.0.32.1, built 598). The ASA 5520 firewalls have the software release 8.4(3)8 installed. When somebody tries to connect through the identity-based firewalls from a Citrix published desktop environment (PDI), the connection is not possible. Checking the ip-of-user mapping on the firewalls (show user-identity ip-of-user USERNAME) mostly doesn't show the mapping of the USERNAME and the PDI the user is logged in to. The user-of-ip mapping of the PDI's IP address mostly shows other users, which are then used to authenticate the access through the firewalls.
What is interesting is that on the AD Agent, using "adacfg.exe cache list | find /i "USERNAME"", I can't see the PDI's IP address either, because it is mapped to another user. Is a Citrix Published Desktop environment supported to connect through identity-based firewalls? How do the AD Agent, Domain Controllers and firewalls work together? On the firewalls with "show user-identity ad-agent" we see the following:
-Authentication Port: udp/1645
-Accounting Port: udp/1646
-ASA Listening Port: udp/3799
Why does Cisco use 1645 and 1646 and not 1812 and 1813? The Listening Port is used for what purpose? We tried the AD Agent modes full-download and on-demand with the same effect.
Apr 15, 2013
I try to launch a LAND Attack against my firewall ASA 5520. Everything will work fine. But why, I think it should not work. I use a little tool where I can use a spoofed address, with a cluster shell and attack the firewall interface with the source of 127.0.0.1 or the IP address of the interface as the source and destination. Then I get a CPU load of 89% with only two hosts. With IP tables I can use kernel processes to prevent this. But I don't find anything for ASA.
Jan 4, 2012
Two different WAN links get connected to the firewall via two routers (different IP subnets). I need to get these two WAN streams separately to the core switches. Core switches sit in Active/Standby scenario. If the Active core goes down, the Standby core will have to take over the traffic. My design is correct, if not what do I need to change. ASA is 5520.
May 22, 2013
I have ASA 5520 installed. I want to use ntp server for firewall clock setting. I found one open-access ntp server (stratum 2) in Los Angeles:
[URL] 209.151.225.100
Can I use the following command to set ntp server?
ntp server 209.151.225.100 source outside.
Jan 1, 2012
Communication between 2 VLANs. I have 2 VLANs:
Vlan 100
ip add 1.1.1.1
!
!
!
Vlan 200
ip add 2.2.2.2
I want to make communication between the 2 VLANs on firewall 5520 ASA 8.2.
Feb 27, 2011
I have a serious problem with my corporate firewall, which is an ASA 5520, fv 8.3, with 8 +1 interfaces. It suddenly started to crash every 10/20 minutes and reboot by itself.
First of all I checked system resources, which are in a very low usage state. I also checked interface errors, but nothing strange came out from the error counters analysis. I tried disabling logging and all the service policy rules configured, but nothing changed.
Nothing changed and the firewall continues restarting by itself.
Last logs I received before crash were:
%ASA-4-711004: Task ran for 35 m sec, Process = Dispatch Unit, PC = 84a619e, Call stack =
%ASA-4-711004: Task ran for 35 m sec, Process = Dispatch Unit, PC = 84a619e, Call stack = 0x084A619E 0x084A6512 0x084A70E1 0x084A7987 0x084A7AAA 0x08558B9B 0x08558E8A 0x083D3518 0x083CA145 0x080659D1 0x089196D9 0x08919790 0x089FF711 0x08A27468
Here the sh crash info command on module 0, after last reboot:
[Code] ......
Nov 29, 2011
We have an ASA 5520 firewall. We have connected the management port and inside port to the internal network and the DMZ port to the DMZ network. Now we need to configure TACACS and other management tools on DMZ devices through the management port. The problem is that the management devices, TACACS and others, are placed in the internal network.