Upgrading ASA from 7.2(4) to 8.2(1)
ciscoasa# dir flash:
Directory of disk0:/
6 -rw- 8515584 08:42:32 Dec 11 2009 asa724-k8.bin
7 -rw- 4181246 08:42:56 Dec 11 2009 securedesktop-asa-3.2.1.103-k9.pkg
8 -rw- 398305 08:43:16 Dec 11 2009 sslclient-win-1.1.0.154.pkg
9 -rw- 6514852 08:43:58 Dec 11 2009 asdm-524.bin
12 drw- 0 08:46:52 Dec 11 2009 crypto_archive
127111168 bytes total (107462656 bytes free)
OR
ciscoasa# sh flash:
-#- –length– —–date/time—— path
6 8515584 Dec 11 2009 08:42:32 asa724-k8.bin
7 4181246 Dec 11 2009 08:42:56 securedesktop-asa-3.2.1.103-k9.pkg
8 398305 Dec 11 2009 08:43:16 sslclient-win-1.1.0.154.pkg
9 6514852 Dec 11 2009 08:43:58 asdm-524.bin
12 0 Dec 11 2009 08:46:52 crypto_archive
107462656 bytes available (19648512 bytes used)
Both outputs showed I have 107MB of flash left.
asa821-k8.bin is 15.8MB, so that’s more than sufficient.
Verify there’s connectivity to my tftp server
ciscoasa# ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Upload new image to flash from tftp:
ciscoasa# copy tftp: flash:
Address or name of remote host []? 192.168.1.2
Source filename []? asa821-k8
Destination filename [asa821-k8]?
Accessing tftp://192.168.1.2/asa821-k8…
%Error reading tftp://192.168.1.2/asa821-k8 (Could not open requested file for reading)
There’s an error because my filename was incorrect, I forgot to include the format of the image, try again:
ciscoasa# copy tftp
ciscoasa# copy tftp: flash
ciscoasa# copy tftp: flash:
Address or name of remote host [192.168.1.2]?
Source filename [cisco]? asa821-k8.bin
Destination filename [asa821-k8.bin]?
Accessing tftp://192.168.1.2/asa821-k8.bin…!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! <output omitted, there’s one huge page of “!!!!”>
Writing file disk0:/asa821-k8.bin…
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<output omitted>
I am using 3cDaemon which has tftp, ftp and syslog services, given to me by a friend (can I say out his name? :p). You can download this freeware from http://support.3com.com/software/utilities_for_windows_32_bit.htm
To verify whether the new image is in the flash or not:
ciscoasa# sh flash
-#- –length– —–date/time—— path
6 8515584 Dec 11 2009 08:42:32 asa724-k8.bin
7 4181246 Dec 11 2009 08:42:56 securedesktop-asa-3.2.1.103-k9.pkg
8 398305 Dec 11 2009 08:43:16 sslclient-win-1.1.0.154.pkg
9 6514852 Dec 11 2009 08:43:58 asdm-524.bin
12 0 Dec 11 2009 08:46:52 crypto_archive
13 16275456 Apr 07 2010 20:08:34 asa821-k8.bin
91185152 bytes available (35926016 bytes used)
Next update the latest asdm version:
ciscoasa# copy tftp: flash:
Address or name of remote host [192.168.1.2]?
Source filename [asa821-k8.bin]? asdm-621.bin
Destination filename [asdm-621.bin]?
Accessing tftp://192.168.1.2/asdm-621.bin…!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
ciscoasa# sh flash
-#- –length– —–date/time—— path
6 8515584 Dec 11 2009 08:42:32 asa724-k8.bin
7 4181246 Dec 11 2009 08:42:56 securedesktop-asa-3.2.1.103-k9.pkg
8 398305 Dec 11 2009 08:43:16 sslclient-win-1.1.0.154.pkg
9 6514852 Dec 11 2009 08:43:58 asdm-524.bin
12 0 Dec 11 2009 08:46:52 crypto_archive
13 16275456 Apr 07 2010 20:08:34 asa821-k8.bin
14 11348300 Apr 07 2010 20:19:46 asdm-621.bin
79835136 bytes available (47276032 bytes used)
Delete the older version of asdm:
ciscoasa# delete asdm-524.bin
Delete filename [asdm-524.bin]?
Delete disk0:/asdm-524.bin? [confirm]
Ok, now choose the latest image to boot:
ciscoasa# conf t
ciscoasa(config)# boot
ciscoasa(config)# boot ?
configure mode commands/options:
config start-up config file
system system image file
ciscoasa(config)# boot system
ciscoasa(config)# boot system flas
ciscoasa(config)# boot system flash:?
configure mode commands/options:
flash:/asa724-k8.bin flash:/asa821-k8.bin
flash:/asdm-621.bin flash:/crypto_archive
flash:/securedesktop-asa-3.2.1.103-k9.pkg flash:/sslclient-win-1.1.0.154.pkg
ciscoasa(config)# boot system flash:/asa821-k8.bin
INFO: Converting flash:/asa821-k8.bin to disk0:/asa821-k8.bin
Always use “?” to look for help, image upgrading and booting is very important…I have decided to keep the older image for rollback… just in case…There’s actually a failover feature which I am yet to learn.
This is the exciting part…RELOAD…
ciscoasa(config)# reload
System config has been modified. Save? [Y]es/[N]o:
Cryptochecksum: 5e55bbbc 8de7fc74 e03c467e 15022fa9
2344 bytes copied in 1.170 secs (2344 bytes/sec)
Proceed with reload? [confirm]
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Launching BootLoader…
Boot configuration file contains 1 entry.
Loading disk0:/asa821-k8.bin… Booting…
Platform ASA5505
Loading…
<output omitted>
Cisco Adaptive Security Appliance Software Version 8.2(1)
LOL, hengz! It stopped at the word “Loading….” I thought it will fail!
Ok, I forgot to remove this line from the startup-config
Device Manager image set, but unable to find disk0:/asdm-524.bin
*** Output from config line 49, “asdm image disk0:/asdm-5…”
Find the line from the running config using regular expression:
ciscoasa# sh run | grep asdm
logging asdm informational
asdm image disk0:/asdm-524.bin
Remove this line and use the new version:
ciscoasa# conf t
ciscoasa(config)# no asdm image disk0:/asdm-524.bin
ciscoasa(config)#
Update the new ASDM image:
ciscoasa(config)# asdm image disk0:/asdm-621.bin
ciscoasa(config)#
Verify my running-config
ciscoasa(config)# sh run | grep asdm
logging asdm informational
asdm image disk0:/asdm-621.bin
ciscoasa#
ciscoasa(config)# copy run start
Source filename [running-config]?
2669 bytes copied in 1.300 secs (2669 bytes/sec)
Open my browser and enter https://192.168.1.1/, enter my credentials and login, see the version is 6.2 now? Download the copy and install..
cyruslab 