Cisco ASA5500 Update System and ASDM (From CLI)


Do the same from the ASDM

KB ID 0000074 Dtd 11/01/12


Below is a walkthrough for upgrading the OS image and ASDM using CLI, you will need a TFTP server up and running with the files sat in the TFTP servers upload directory. NOTE for updated ASA and ASDM software you need a valid Cisco CCO Login and support contract.

For information on Installing and using a TFTP Server CLICK HERE


Before upgrading/updating the ASA to version 8.3 (or Higher) Check to see if you have the correct amount of RAM in the firewall ("show version" command will tell you). This is VERY IMPORTANT if your ASA was shipped before February 2010. See the link below for more information.

ASA - Memory Error (Post upgrade to version 8.3)

Warning 2:

Be aware, if you are upgrading to an OS of 8.4(2) or newer you can no longer access the device via SSH when using the default username of "pix" you need to enable AAA authentication for SSH, do this before you reboot/reload the firewall or you may lock yourself out.

ASA Enable AAA LOCAL Authentication for SSH


1. Login to the firewall via Telnet, Console Cable or SSH, then go to enable mode, type in the enable password.

ciscoasa> enable

2. Copy the ASA software file from your TFTP server (in this case at IP ADDRESS you will need to give it the name of the file (In this case asa722-k8.bin)

ciscoasa# copy tftp disk0

Address or name of remote host []?

Source filename []? asa722-k8.bin

Destination filename [disk0]? asa722-k8.bin

Accessing tftp:// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

<<<<Removed lots for the sake of Space>>>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Writing file disk0:asa722-k8.bin... !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! <<<<Removed lots for the sake of Space>>>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 8312832 bytes copied in 70.230 secs (118754 bytes/sec)

3. Now using the same commands copy the new ASDM Image to the firewall (In this case asm-522.bin)

ciscoasa# copy tftp disk0

Address or name of remote host []?{Enter}

Source filename [asa722-k8.bin]? asdm-522.bin

Destination filename [disk0]? asdm-522.bin

Accessing tftp:// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

<<<<Removed lots for the sake of Space>>>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Writing file disk0:asdm-522.bin... !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! <<<<Removed lots for the sake of Space>>>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!! 5623108 bytes copied in 47.880 secs (119640 bytes/sec)

4. NOTE It it fails due to lack of space see step 9 below to see how to delete things from flash.

5. Make sure they are actually in there by issuing a show flash command.

ciscoasa(config)# show flash

Initializing disk0: cache, please wait....

Done. -#- --length-- -----date/time------ path 6 6764544

Jan 01 2003 00:05:22 asa712-k8.bin 7 1868412

Jan 01 2003 00:05:48 securedesktop-asa- 8 398305

Jan 01 2003 00:06:04 sslclient-win- 9 7495680

Apr 25 2007 14:41:54 asdm512-k8.bin 12 8312832

May 21 2007 13:29:08 asa722-k8.bin 13 5623108

May 21 2007 13:31:26 asdm-522.bin

224886784 bytes available (30539776 bytes used)

6. Now set the ASA to use the new OS when it Starts.

ciscoasa(config)# boot system disk0:/asa722-k8.bin

7. Note sometimes it will keep the old one as well to remove it you can issue a "no boot system" command.

ciscoasa(config)# no boot system disk0:/asa712-k8.bin 

8. You will now need to tell the ASA to use the NEW ASDM image. Then DONT FORGET to save the changes with a "write mem" command.

ciscoasa(config)# asdm image disk0:/asdm-522.bin
ciscoasa(config)# write mem
Building configuration...
Cryptochecksum: 6a88d6fc fef680b3 b86e1ae8 d768560f 

1515 bytes copied in 3.700 secs (505 bytes/sec) [OK] ciscoasa(config)#

9. I will usually issue a "reload" command now and make sure the Firewall reboots OK, you can then delete the old image and ASDM with the following commands.

ciscoasa(config)# delete disk0:/asa712-k8.bin

Delete filename [asa712-k8.bin]?{Enter}

Delete disk0:/asa712-k8.bin? [confirm]{Enter}

ciscoasa(config)# delete disk0:/asdm512-k8.bin

Delete filename [asdm512-k8.bin]?{Enter}

Delete disk0:/asdm512-k8.bin? [confirm]{Enter}


Related Articles, References, Credits, or External Links

Update Cisco ASA - Directly from Cisco (via ASDM)

Originally written 09/11/09

Author: Migrated

Share This Post On