
Image Recovery Using ROMMON mode



If the ASA system image is lost or corrupted, you can recover it by booting the ASA into ROMMON mode and running the following commands. Please refer to the diagram above.


Step 1: Make sure you have assigned the right IP address to the PC that holds the ASA system image and has a TFTP server installed.

Step 2: Set the following parameters
rommon #0> address 10.1.1.254
rommon #1> server 10.1.1.1
rommon #2> interface GigabitEthernet0/0
GigabitEthernet0/1
MAC Address: 000f.f775.4b54
rommon #3> file asa801-k8.bin

Step 3: Verify your configured parameters in ROMMON mode
rommon #4> set
ROMMON Variable Settings:
ADDRESS=10.1.1.254
SERVER=10.1.1.1
PORT=GigabitEthernet0/0
VLAN=untagged
IMAGE=asa801-k8.bin
CONFIG=



rommon #12> set
ROMMON Variable Settings:
ADDRESS=10.1.1.50
SERVER=10.1.1.1
------- output omitted for brevity -----

rommon #13> unset ADDRESS
ROMMON Variable Settings:
ADDRESS=0.0.0.0
SERVER=10.1.1.1
GATEWAY=0.0.0.0
------- output omitted for brevity -----







Step 4: Check the connectivity from both sides:

rommon #6> ping 10.1.1.1
Sending 20, 100-byte ICMP Echoes to 10.1.1.1, timeout is 4 seconds:
!!!!!!!!!!!!!!!!!!!!

Step 6:

rommon #5> tftpdnld
tftp asa821-k8.bin@192.168.10.250
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


The device downloads the system image into memory and boots from it. Note that the image is not stored in flash, so once the ASA is up you have to manually upload the ASA system image to flash.

Step 7:

ASA01(config)# copy tftp: flash:
Address or name of remote host []? 10.1.1.1
Source filename []? asa821-k8.bin
Destination filename []? asa821-k8.bin
Accessing tftp://10.1.1.1/asa821-k8.bin...!!
Writing file disk0:/asa821-k8.bin. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! Output omitted for brevity
5124096 bytes copied in 151.370 secs (33934 bytes/sec)


Step 8: (Optional)
You can run the following command to hard-code the image you want the ASA to boot. It is especially useful when you have multiple ASA images in flash and want to boot a specific one.

Chicago(config)# boot system disk0:/asa821-k8.bin
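
Added example, not part of the original post: TFTP has no authentication or integrity protection, so the image staged on the PC in Step 1 is worth checking against the SHA-512 value published with the vendor download before it is served and later copied to flash in Step 7. The script runs on the TFTP PC (assumed to be Linux with `sha512sum`); the function name `verify_image`, its return codes and the arguments are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example: pre-flight integrity check for the image staged on the TFTP PC.
# usage: verify_image TFTP_ROOT IMAGE_NAME EXPECTED_SHA512
# returns: 0 ok, 2 bad name, 3 bad file, 4 digest mismatch, 5 malformed digest
verify_image() {
    local root="$1" name="$2" expected="$3" path actual

    # The name typed at "rommon> file" must be a bare file name in the TFTP
    # root: no directory components and no embedded whitespace.
    case $name in
        ''|*/*|*[[:space:]]*) echo "bad image name: '$name'" >&2; return 2 ;;
    esac

    path=$root/$name
    # Refuse symlinks, non-regular files and empty files.
    if [ -L "$path" ] || [ ! -f "$path" ] || [ ! -s "$path" ]; then
        echo "not a regular, non-empty file: $path" >&2; return 3
    fi

    # The expected value must be 128 hex characters; compare in lowercase.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{128}$'; then
        echo "expected value is not a SHA-512 hex digest" >&2; return 5
    fi

    actual=$(sha512sum -- "$path" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "SHA-512 mismatch for $path" >&2; return 4
    fi
    echo "OK: $name matches the expected SHA-512"
}

# Run the check only when called with all three arguments.
if [ "$#" -eq 3 ]; then verify_image "$@"; fi
```

A non-zero return means the file should not be served to the ASA until the mismatch is explained.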

Comments

  1. Hello Saju....

    Thanks for your blog. It was very helpful for me.

  2. Thank you very much for your blog, it enabled me to un-brick an old ASA5505 firewall! Keep up the good work :)

    Mike

  3. After the ASA boots, it displays the command prompt. Typed enable and pressed Enter to get into privilege mode. Pressed Enter at the password prompt but it does not accept it and says invalid password.

    cisco>enable
    Password:
