Cisco Firewall :: ASA 5550 - Cannot Copy IOS From Flash To PC
Jan 8, 2013
I just got a brand new ASA 5550, i configured the port g0/0 on asa with an ip address 192.168.10.1 then configure my computer with ip 192.168.10.2 and default gateway is 192.168.10.1. I'm able to ping the asa from my computer. I remote to ASA thru the console port and try to copy iOS from flash to my pc but it doesn't work.
Cisco asa# copy flash tftp://192.168.10.2/asa804-k8.bin
Source file name []? asa804-k8.bin
Address or name of remote host [192.168.10.2]?
Destination file name [asa804-k8.bin]?
Writing file tftp://192.168.10.2/asa804-k8.bin...
!%Error writing tftp://192.168.10.2/asa804-k8.bin (Timed out attempting to connect)
Cisco asa#
I am using TFTPD32 to upgrade the IOS on a router. When I type in the commands copy tftp flash and enter all the necessary information, the router sits for a minute or so and then times out. There is no entry made in the log when it times out. copy flash tftp yields the same result. The fa 0/0 interface and the TFTP server are both on the same subnet and can successfully ping one anothe
Trying to copy the system image file from the sup-bootflash to a new 64MB ATA flash card. Yes the software can support the 64MB card.
The ATA flash card was formated successfully, however I cannot copy the system image to it so that it can boot after a power loss. The command I tried was: console(enabled) copy sup-bootflash: slot0:
The source filename was typed in as shown in the Show Verison command.The result was: Error opening slot0: no such device.I suspect that I am missing something obvious as I am new to Cisco Switches.
I have a really stupid problem with my RV042. The main logon password has expired but it will not let me change it at all. Basically I try to login but get the error 'The old password has expired. Please change the password'. But with no prompt at all for a new password and just a return to the login page. Tried various different browsers, tried the old default password but nothing will work. There seems to be no way of changing it and I cannot login.Am I missing something glaringly obvious? I really don't want to reset it to default as I have numerous VPN tunnels configured and various other settings.
I have two Routers (C1812 & C1841) each having different version of IOS images. I was wondering if its possible to copy IOS image from flash of one Router and use it to upgrade another.
I am trying to research the possiblity of backing up IOS and configurations from an Etherswitch module, and being able to store the files onto the Host Router's flash (3925 ISR). and then being able to recover that IOS and configuration, in case I have to replace the Etherswitch Module.
t#copy flash: tftp: Source filename []? c2960-lanbasek9-mz.122-44.SE6 Address or name of remote host []? 10.23.120.15 Destination file name [c2960-lanbasek9-mz.122-44.SE6]? %Error reading flash:c2960-lanbasek9-mz.122-44.SE6(Is a directory)
sh flash:
Directory of flash:/
2 -rwx 1919 Mar 1 1993 10:27:17 +05:30 private-config.text 3 -rwx 11056 Mar 1 1993 10:27:17 +05:30 config.text 4 -rwx 804 Mar 1 1993 05:30:42 +05:30 vlan.dat 6 -rwx 2072 Mar 1 1993 10:27:17 +05:30 multiple-fs 7 drwx 192 Mar 1 1993 05:37:02 +05:30 c2960-lanbasek9-mz.122-44. SE6
I have a 3550 switch that I am trying to upgrade the IOS on.I am trying to copy to a TFTP server.I am receiving a socket error.I saw that this can be fixed with
Switch#config t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#no service config Switch(config)#exit Switch# 00:13:47: %SYS-5-CONFIG_I: Configured from console by console Switch#reload
I have done this 3 times to no avail.My TFTPd32 server on my pc is working fine.Here is the error
Switch#sh flas Directory of flash:/ 2 -rwx 556 Mar 1 1993 00:33:53 +00:00 vlan.dat 4 -rwx 3775 Mar 1 1993 00:37:54 +00:00 config.text 5 -rwx 24 Mar 1 1993 00:37:54 +00:00 private-config.text 6 -rwx 5687963 Mar 16 2007 01:05:23 +00:00 c3550-ipbasek9-mz.122-25.SEB4.bin 8 drwx 192 Mar 1 1993 00:04:40 +00:00 c3550-i9q3l2-mz.121-22.EA1a
I am trying to configure a switch that was given to me. They don't know the password to anything. I have already tried to recover it. The problem is, the switch doesn't load flash, or will copy flash from xmodem either. It also doesnt load the helper or boot. It is user mode and lets me do nothing. It doesnt let me use the enable command to get into it. I would like to start the config from scratch. Its a 3500xl switch, 24 ports. I dont know what to do with it. I am trying to study for my CCENT Exam and would like a switch that worked.
When I try to copy ios to one flash in router 2801, I receive the message of of insufficient memory, and have the follow out in the next command: [code] This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.
I have a cisco 3750 swicth which i want to load a new ios to but unfortunately there's no enough space on the flash. This means that i need to backup the cureent (old) ios to my tftp server but the command keeps failing. It always gives 'No such file or directory' error .The free space on the flash is 8mb and my new ios is about 11mb.I also went inside the directory where the old is and inputed the same copy command but to no avail.Below are some of the command failure on the swicth:
I recently posted this same issue the other day, using TFTPd32. Now i am pretty close to fixing it. I do have a different setup; my pc ethernet port is broken so I am using an ethernet/usb adapter. I am attempting to backup my IOS from a 3550 switch to my PC.
How do I save/copy all of the router configuration entries onto a memory/flash usb drive? I did not configure the router myself (out of town when purchased). I have already downloaded the manual for that router and I want to understand exactly what she (person who configured router) did and identify any mistakes she might have made. Once downloaded, I assume I can print out all configuration settings.
i two 5550 firewall set up for redundance purpose . in failover we define two different ip add one for primary and one for secondary .interface Ethernet0/0 nameif outside security-level 0 ip address xxxx.0.0.0.1 255.255.255.0 standby xxxx.0.0.2!interface Ethernet1/0 nameif inside security-level 100 ip address 10.0.0.12 255.255.255.0 standby 10.0.0.11.default gateway for host will be 10.0.0.12 (primary fw address) however in case of failover , the secondary fw will be up with ip address that was assigned for primary .in this case the secondary ip add 10.0.0.11 is actually nerver used? similarly do i need to have two public ip address for outside (one for primary and one for secondary ) ? or in case if primary fails the secondary comes onlie and take the ip of primary fw . hence i only need to purchase just one ip address.
I am having two ASA 5550 firewall running in active/standby mode. With in last two months our secondary firewall got down automatically 3 times. Firewall is running with IOS version 7.1.2. how to proceed further troubleshooting because there are not any logs on firewall.
I have seen similar questions but with not a lot of answers for the ASA platform. As the title states, What procedures can I use to copy a pre-existing configured CISCO ASA 5520 to a brand new CISCO ASA 5520. I have found a URL that seems to answer some questions but not all. [URL]
The URL talks more about the PIX's than the ASA
Is there any documentation or shorter procedures for product specific on the 5520?
I made an ASDM upgrade for one of my two CISCO ASA 5520. If I copy a file to the primary ASA's flash, is there any command I can run on the primary ASA to copy a file to the secondary ASA?
I was trying to upgrade from 8.3.1 to 8.3.2. but I am unable to copy via tftp to the ASA flash or disk0:
ASA5520# copy tftp: flash: Address or name of remote host []? 10.88.127.153 Source filename []? asa831-k8.bin Destination filename [asa831-k8.bin]?
[code]....
Half way thru writing to the disk, it goes for a reboot. There is more than enought space on the disk0. I tried copying via a Compact Flash, but the ASA is not detecting the Compact Flash (which I thinks should be disk1). I tried copying a asdm file, even that also went for a reboot.I am stuck now, unable to upgrade
I have SSH and SCP enabled on the ASA 5510. I can SSH fine into the device. However, I cannot copy files to the device usng WinSCP. Used all options but nothign seems to work. I see the log authentication successful, but then WinSCP reports no response from ASA.
I have ASA5550 ruuning Version 8.3(1) with inside and outside interfaces as below [code] On the inside : I have a server (10.20.10.36) that need to be accessed from an outside host (Y.Y.131.34) , so I have the below NAT/ACL rules. [code] is it right that I have to add two ACL entry for outside host to the NATed IP of the inside server , then again add another ACL entry from the same outside host to the private IP of my inside server o get this communication done?
we had just installed our ASA 5550 with IOS 8.0(2) a couple of week ago.
2 interfaces from each slot are being used ie 0/0 for Branch users comming via MPLS cloud , 0/1 for internal LAN users comming form Core Switch & 1/0 for Server farm LAN , 1/1 for Internet (outside)
the first 3 interface are considered inside with sec set at 100 while the 1/1 is outside with sec at 0.
Last night it suddenly started dropping all connections without any warning or any noticible log form the ASDM logging.
the connection drop would happen for 2 - 3 minutes and would work fine for the next 15 minutes or so..
after conencting the console , we found out that the IOS would suddelny go abrupt and show this display ...
TP-ASA(config)# TP-ASA(config)# TP-ASA(config)# Thread Name: Dispatch UnitPage fault: Address not mapped vector 0x0000000e edi 0x24d184b0 esi 0x0000000d ebp 0x1c6ceaf8 esp 0x1c6ceae0 ebx 0x09e965e0 edx
I have looked in the books I have (Cisco ASA, PIX and FWSM; ASA 8.0) and googled a good bit but can't seem to find any specific mention of how to do NAT exemption with v8.4. It seems NAT exemption (NAT 0 access-list) was deprecated. Using ASDM, there's no corresponding menu item for this that is obvious.
We have public addresses inside the ASA and want to allow in/outbound connections using these IP's without NAT. The ASA is a 5550.
I need to understand if ASA 5550 ver 8.2(1) is comptible with IPv6, if not what is the upgrade path to make it IPv6 compatible. The requirement is dual stack of IPv4 and IPv6 should run in the same HA cluster and later will shift IPv6 completely.
The existing infrastructure is equipped with ASA with HA Active/Active mode. The command output for required details are attached here in txt mode.
I have Active Standby ASA5550 setup with VPN premium license. A few days back we had a requirement of SSL VPN connection for and we got a temporary from Cisco for same, this license expired and the ASA reverted to it's original license. 3 4 days after this we saw a sudden increase in CPU utilization (upto 90% + -5%) on the ASA during production hours but were not able to figure out the reason, in order to restore the services we failovered the firewall to secondary and everything worked fine. We were suspecting one of the following but there were no logs for any of this
1. The ASA hardware was haivng problem
2. Some client was doing a DoS attack to bring down the ASA (no logs for this as well).
We took a downtime to look further by failovering the ASA back to primary and it worked fine without any issues ruling out the 1st option. We also came across a licesing doc [URL]
Downgrading any license (for example, going from 10 contexts to 2 contexts).
# Note If a temporary license expires, and the permanent license is a downgrade, then you do not need to immediately reload the security appliance; the next time you reload, the permanent license is restored.
As per this doc, sooner or later a restart was required on the ASA. We restarted secondary ASA and everthing was fine but when we restarted the primary ASA by swtiching over to secondary some of the server (not all) in the DMZ stopped working (even ICMP unreachable) and only came back to normal when the primary ASA was restored and working fine (with failover).
The reboot was done by shuting down the physical link between the Core switch and ASA inside individually.
I am not sure what could be the issue that the servers in the DMZ wen unreachable.
In my Cisco ASA 5550, I need to set two different syslogs servers, and I need to send the system logs to the first one (only admins login/logout), and the traffic logs and all the rest (informational level) to the second one. Do you know if is it possible or not and, if yes, how to configure it?
I would like to work with two ASA's 5550 in HA (Acitve-Standby) like perimetral firewalls and also work with another ASA 5540 but like a SSL VPN Remote Access to end users.Which will be the best topology to this scenary?. Perhaps i need to put the ASA 5540 SSL VPN together with the ASA's in HA directly in a port.
I am using an ASA5550 for a complex secure network that has at least six "outside" networks. Each "outside" network is assigned to a specific port each set at level "0". I also have a DMZ, set to level "50". I am having difficulty with passing traffic from a host in the DMZ to all but one of the "outside" networks. Is there a limit to the number of "outside" interfaces? I will provide a redacted config file as soon as possible.
I have the following problem, right now we have an ASA 5550 connected to the client´s side. A reset is being received on the client´s side, but when we run the sniffers on both extremes of the network, we can see that the reset is not being sent by the server´s side.
We have narrowed it down to the 5550 ASA, but have found no bug that matches the description.
The characateristics of the reset packet are the following:
- It is the only packet with a TTL of 255.
- Both server and client have very different window sizes, and the reset packet even though has the server´s ip and port as source of the packet, it has the client´s window size.
- It has a correct ack number.
-Before the reset is received, there are a couple of retransmissions of the last packet sent.
- We´re handling a VPN tunnel between both servers.
