Cisco Firewall :: ASA5520 Running 8.3.1 Reboots When Try To Upload New Image
Mar 27, 2011
I'm running a couple of 5520 (with failover configuration) and fw 8.3.1. Everything worked fine until I try to upgrade firewall to new fw version: 8.4.1. [code]
When I try to upload new firrmware or asdm image, ASA, the appliance reboots during tftp session. I've already tried to upload new images on both appliance, or use CLI either ASDM, but the result is always the same: ASA reboots.
From my point of view, the problem isn't the image but could be the firmware I'm running, becouse using fw. 8.0.1 I was able to upalod asdm 8.3.1, but using fw 8.3.1 I can't upload the same image.
I have a pair of asa5520's in active/standby configuration. I plan on ugrading the asa/asdm images to 8.4 shortly (currently on 8.0) and would like to do this with zero downtime. Specifically, I would like to upload the new software to the standby unit, upgrade it, swap standby/active units and then upgrade what will become the standby after the swap.The problem I'm having is getting the new images uploaded onto the standby unit. I've read that the routing table is not shared from the primary and the USB ports are "for future use". I have no problem uploading the new images to the active unit via tftp...but can't do the same to the standby.
I upgraded my ASA 5520 with the latest image. Now I get an error upon launching ASDM.Your ASA image has a version number 7.2(4) which is not supported by ASDM 6.4(1), use Device Manager version 5.2(x)Continue Anyway?
What are the newest, recomended image versions of ASA and ASDM I should be using?I will also be using the SSM-20 module with this setup, so I would like to stay with a working version of ASDM.
we have an ASA5520 need upgrade new anyconnect client, but the new version is too big, so it's no enough space. I want to delete the ASDM image to free the more space. My question is when I delete the ASDM image,if I could manage the ASA from web browser?
I have a Cisco 5505 that had its disk erased (erase:disk0) and now I am trying to load a new image (822 or 813) from a tftp server.
From the ROMMON prompt I have configured the relevant parameters and run a tftp command.
The tftp transfer seems to complete successfully but then it gets stuck on "...loading".
I have tried different versions of IOS and I always experience the same problem, even though, with older versions of IOS (7.x), the device manages to reboot itself but then it crashes with the following error:
"Error : Uncompression of the image failed. invalid compressed data--format violated"
Could it be an hardware related-issue or a licensing problem maybe? or am I missing anything obvious?
also, with regards to the license: once restored, how do I get my 50 users license back?
The customer forgot the password for the ASA SSM-20 ips module installed in ASA 5520 Fw.show module in customer FW shows it up state. I brought it to our office teat bed. here it show
ASA1# sh module Mod Card Type Model Serial No. --- -------------------------------------------- ------------------ ----------- 0 ASA 5520 Adaptive Security Appliance ASA5520-K8 JMX1022K03A 1 ASA 5500 Series Security Services Module-20 ASA-SSM-20 JAB101003C2 Mod MAC Address Range Hw Version Fw Version Sw Version
[code]....*-
what to do with this module in my test bed.I have to take it back to the customer site to use it in their ASA itself to troubleshoot.There it the status is up and i did use all the hw-module option but no use. The version is 5.0. This module is more than 5 years old and so far no one upgrade the image. ASA 5520 running 8.2.5.
I have an ASA 5520 running version 8.2(1) and I am having an issue with ASDM sessions.I can SSH into the ASA and have tried to clear the sessions but they do not clear as per below.
An interesting point: the host dguselnx is my linux based computer that I am using to SSH to the ASA. I do not connect via ASDM from this device so it is strange that the hostid for the asdm sessions is showing as my linux host and not my Windows laptop (that I am trying to connect via ASDM from).
I'm looking at adding a Cisco 3750-X switch running c3750e-universalk9-mz.122-55.SE1 (IP base license) into a stack of 3750-G switches running c3750-ipbasek9-mz.122-55.SE1.bin Given that the version and feature sets are the same I don't forsee any compatibility issues. Would there be any reason why a universal image wouldn't stack correctly with other switches running the single .bin file?
I wanna upload ios image of 36mb on a 2801 but I get error not available space. The router already has ios image of 40mb and available space is around 15mb. How to delete existing image and upload the new image?
I was trying to upload image to sup x4516 V10G from Rommon using the management port but did not succeed. The steps which I did as mentioned below: [code]I got the tftp request on the tftp server but from the switch was showing access violation
I'm have upgraded our ASA5510's from 7.0.8 to 8.4.3 and now I just need to do the ASDM, but get this error? The bin file has been uploaded: [code] Device Manager image set, but not a valid image file disk0:/asdm-647.bin.
How can I increase the timeout value on an IPSEC VPN tunnel running on an ASA5520? The users claim the tunnel is timing out causing transactions to stop flowing.
I need to replace an existing ASA 5540 with a new ASA 5525X. I would like to pre-stage and configure the new box with the existing config, migrate license and export certificate files before swapping it with the old one during a change window. The new firewall will run 9.1 on deployment. Now the same 7.2(4) cannot just be copied over to 5525X running the minimum 8.6 version. There is a Web based tool available at [URL] according to Cisco documentation but the page does not load for me (Cisco intranet only tool ?). Is there another tool for automatic conversion ?
we just bought brand new Cisco ASA 5510.We are using it in transparent mode, only for firewalling.But we have problems... This device reboots itself several times in day. Actually throughput is around 5 Mb/s and connection number is around 200.
I currently have a problem where I have to constantly reboot my ASA whenever my cable modem reboots. The ISP (Pen Tele Data) is setup so that my ASA has to obtain its' static IP using dhcp (ip address dhcp setroute) on the outside interface. Now, I also have another location with a cable connection (Comcast) that does NOT experience the same problem. However, the difference is this ISP allows me to assign my static IP directly on my outside interface. What can I do so that I don't have to reboot my first ASA everytime modem reboots.
With regarding to the firewall ASA5520, i'm using it in my network, all the confiuration are properly configured and working but with the use of proxy address in internet explorer(e.:206.53.155.129/3128) all the blocked contents as easily accessible simply it bypass all the network through firewall.so will u guide me to block the proxy servers.
I have two asa 5520 firewalls. one at my primary data center connected to our production Internet feed, and one at my fail over data center connected to a backup internet feed. I was wondering if there was an easy way to keep the firewall rules in sync between the two firewalls. We have failover with our isp that will move our public facing address block from our primary site to our dr site in the event of a disaster so the ip addresses will not change if we were to have to fail over to the DR site. currently i just have to do any changes that i make on the fail over server but would like a way to at least simi-automat this if not fully automat this so that i can eliminate the possibility of human error of a change happening at primary but never getting don at DR.
I have an ASA 5510 in a live environment. Up til a short while ago I could access this via the ASDM and ssh. However I can no longer connect to it via eithier. When I access It via SSH I get a disclaimer saying the following
*** You have entered a restricted zone! Authorized access only!!! Disconnect immediately if you are not authorized user! ***
It then cuts me off.
When I try to access the ASDM I get the following
The firewall is running all its services without a problem and I can ping the device without any issues. Also none of the config (to my knpowledge has been changed). I set up a console session and http server enable is still there with
They have an ASA-5510 with version 8.2(5). They just upgraded their Internet bandwidth to 30 Mb both ways.If we do a speed test in front of the ASA, we get 28 Mb/s upload and download, with a ping of about 5 to 10 ms.If we go behind the ASA, the download is about the same, the upload is decreased to about 12 Mb/s and the ping goes to 260 ms The license is base, there are no additionnal function added to the firewall (no IPS). I've check the speed and duplex and everything is fine.There are no drops on the interfaces or rules of the firewall, no drops on the Interface of the ISP router either. All interfaces are configured at 100Mb full duplex.I saw a couple of discussions on this in the forums, but they don't seem to come up with anything and they look like they end in the middle of the whole story, like once the problem is solved, they don't update their discussion.
Our internet connection is connected to an ASA. The download speed is ok but the upload is very slow. we have been running some speed test from our LAN, and have been also trying to upload/download file.
Our ASA also have the IPS module. I turned this off but we've got the same result.
I send here attach the configuration file of the ASA.
As of right now, I don't have access to the PIX itself but can get access to it later today. In the meantime, I wanted to get everyone's opinions on a very peculiar issue I'm seeing with Internet download speeds.
Prior to last week, my company was utilizing a Sprint T1 connection for all visitor traffic. Attached to the Sprint T1 was a Cisco router -> C3524 Switch -> PIX-506E device.
Last week, a decision was made to upgrade our bandwidth for our visitor traffic and we replaced the T1 with a Comcast Business Class cable solution. The bandwidth we ordered was 22Mbit down/5Mbit up. From the cable modem that was provided, we connected it in the same manner -> C3524 Switch -> PIX-506E device.
Since the change, I noticed that our visitor V LAN hasn't really had much of a change in Internet speeds. Doing some quick speed tests, it shows that our download caps at around 5Mbit but our uploads are in the 22Mbit range.Thinking Comcast messed up and accidentally flipped our download/upload speeds, I was on the phone with them for almost an hour as we investigated the issue. They finally had me connect directly to the Comcast cable modem to test on my laptop. The results are that from the cable modem, the speeds are correct (I get 22Mbit down, 5Mbit up).
I'm not really sure how to troubleshoot this or where to even begin. At first I thought maybe our PIX couldn't handle the speeds, but it's handling the upload rate just fine. All I know this has to be equipment on our side since Comcast had me test directly from the cable modem.
i have an ASA 5510. it was running asa708-k8.bin and i have attempted to install asa821-k8.bin. i have done this on many ASAs before effortlessly.this time i have had an issue. the ASA will not load the new image, and for some reason will not even load the old.the ASA seems to just keep crashing. i have erased disk0 (advised in forum): and attempted to load the image from tftp. please see below. i know i need to re-formaet the flash, but cannot get into the ASA at all to complete this. [code]
I got a PIX 501 off ebay and im trying to upgrade it to have an ASDM image on it.Ive downloaded every copy of the ASDM image i can get my hands on, and when i transfer it to the PIX when its up and running i get out of memory, If i do it through monitor mode, i get the error "bad magic number" no matter what i transfer to itI can transfer a new image to the PIX (a non asdm one through monitor mode.
I have a pix 515, time to time the firewall start rebooting with invalid flash error I found erasedisk.bin in internet, after that i cant load pix532.bin ios file and others pix***.bin are not workingThe only file i am able to load is pix508.bin it,s start asking me activatin number before install I have a previous activation number ios version 5.3.2 but this number is not correct.
I just bought a used PIX515e. It is running version 8.0(3) and ASDM 6.1.5 Because I do not know the history of the unit, how can I tell if the image used came from cisco and not some download site? I guess I should've thought about this before buying it but hindsight is...you know. Worse case is that the person who had it before me dl the software that was infected with a backdoor or something else. I don't have a service contract so I'm kinda stuck.
Can I download the image from the firewall flash and compare a MD5SUM?
We are now using image 8.0(4) for my ASA 5510. Later on, I would like to upgrade the image to 8.4(3).May I have to know what difference for those images, what should I take care of the script?
I need to upgrade the fwsm image from 3.1(10) to 4.0(8). Can i do it directly from 3.1(10) to 4.0(8) ?Do i need to upgrade other image also along with Firewall version 4.0(8)?
I have a asa5520 with five Internet IP.One for the internet interface and the others are static maped to dmz hosts. It runs rightly until yesterday.Now it will lose the connection to the gateway many times everyday and the dmz hosts can not connect to internet any time. configuration(simplified):
! interface GigabitEthernet0/0 nameif internet security-level 0
[Code]....
I called ISP to check,when ISP clear their router's ARP, the asa will lose the connection at the same time and then the ISP's router couldn't learn the ASA's MAC. After I 'clear arp' manually,The ISP's router can learn the ASA's MAC and the connection recovered,but the DMZ's cann't access internet still (of course,There is no problem between DMZ and ASA ,I ping the internet gateway from DMZ host and can not get any reply.).
We have 2 x ASA5520 and I upgraded this to 8.2.2 last year, I see 8.2.5 and now 8.4 is out. If we are having no issues, is it best just to leave it as it is? I can see a couple of features I may find useful in 8.2.5, but 8.4 seems like a huge jump and a risky one too.
