Thursday, May 10, 2012

How to recover an ASA where the flash has died or you have replaced the flash

I had an ASA flash die today, it was an unfortunate experience that I recommend avoiding!

Anyway, Try as I might I could not find any directions on how to recover from this situation, so I thought I would put in vivid detail what worked for me so it can help others out there

First, if your flash has died, the ASA won't boot, you need to console into the ASA and wait for the following prompt:


Cisco Systems ROMMON Version (1.0(11)2) #0: Thu Jan 26 10:43:08 PST 2006

Platform ASA5520

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.

Press ESC to break the boot process and you will be in ROMMON:

rommon #1> 

You need to set a bunch of variables so that the ASA can download the image over your management interface, so plugin a laptop and run up a TFTP server and put the image on a directory accessible from the TFTP Server

rommon #>  ADDRESS=192.168.50.1
rommon #>   SERVER=192.168.50.2
rommon #>   GATEWAY=0.0.0.0
rommon #>   IMAGE=asa804-k8.bin


In my case I did not need a gateway but in your case you might, you can also specify what port it should use by setting some other variables, to get a list of variables type help but for most situations the above will be enough.

Next type tftpdnld to start the download process:


rommon #4> tftp
ROMMON Variable Settings:

tftp asa804-k8.bin@192.168.50.2
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

The image will then boot, but this is not the end of your adventure, you will be booted into the ASA:
and see something like this:

Insufficient flash space available for this request:
  Size info: request:32 free:0  delta:32
open or write(ffsdev/2/write/32) failed
Could not initialize system files in flash.
Type help or '?' for a list of available commands. 


this is saying it can't see the flash, so go ahead and enter enable mode and we will format the flash

 
ciscoasa> en
Password:



ciscoasa# format disk0:
WARNING: Saving activation key file failed. Proceed with operation? [confirm]

Format operation may take a while. Continue? [confirm]

Format operation will destroy all data in "disk0:".  Continue? [confirm]
Initializing partition - done!
mkdosfs 2.11 (12 Mar 2005)

System tables written to disk

Format of disk0 complete
ciscoasa# fsck disk0:
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
/dev/hda1: 2 files, 2/62934 clusters

fsck of disk0: complete
ciscoasa# dir

Directory of disk0:/

No files in directory

257777664 bytes total (257769472 bytes free)
ciscoasa#  



Now that you can actually see the disk0, you need to reconfigure the management interface AGAIN:

interface Management0/0
 nameif management
 security-level 0
 ip address 192.168.50.1 255.255.255.0
ciscoasa# ping 192.168.50.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.50.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms



You can now copy the image again over tftp using the usual copy tftp flash command:
ciscoasa# copy ftp flash

Address or name of remote host [192.168.50.2]?

Source filename [asa804-k8.bin]?

Destination filename [asa804-k8.bin]?

Accessing ftp://192.168.50.2/asa804-k8.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


You can now write the mem and reload!

You may have to retrieve your activation key though for your ASA












ciscoasa# format disk0:
WARNING: Saving activation key file failed. Proceed with operation? [confirm]

Format operation may take a while. Continue? [confirm]

Format operation will destroy all data in "disk0:".  Continue? [confirm]
Initializing partition - done!
mkdosfs 2.11 (12 Mar 2005)

System tables written to disk

Format of disk0 complete
ciscoasa# fsck disk0:
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
/dev/hda1: 2 files, 2/62934 clusters

fsck of disk0: complete
ciscoasa# dir

5 comments: