KB ID 0000792
Problem
If your firewall wont boot, either because the OS is corrupt, or you have a faulty flash memory. You can get up and running by booting the device from a TFTP server instead.
Solution
Before you start make sure you have your TFTP server running and the operating system in its root folder.
1. Power on the firewall, during the boot phase press ESC to boot to ROMMOM mode.
2. The following commands will set the firewall’s IP address, default gateway, and the IP address of the device running the TFTP server. (Note: unless you are on a different network segment gateway and server address should be set the same).
Use ? for help. ROMMON #0> ADDRESS=172.16.254.150 ROMMON #1> SERVER=172.16.254.207 ROMMON #2> GATEWAY=172.16.254.207
3. You will need to specify the name of the operating system file to load, and which interface the firewall should use, this is a 5505 and I’m using Ethernet0/1 (the interface that’s usually the inside one).
ROMMON #3> IMAGE=asa911-k8.bin ROMMON #4> PORT=Ethernet0/1 Ethernet0/1 MAC Address: b0fa.eb21.378e Link is UP ROMMON #5>
4. You can check the settings with a ‘set’ command.
ROMMON #5> set
ROMMON Variable Settings
ADDRESS=172.16.254.150
SERVER=172.16.254.207
GATEWAY=172.16.254.207
PORT=Ethernet0/1
VLAN=untagged
IMAGE=asa911-k8.bin
CONFIG=
LINKTIMEOUT=20
PKTTIMEOUT=4
RETRY=20
ROMMON #6>
5. Start the process with a ‘tftp’ command.
ROMMON #6> tftp
tftp asa911-k8.bin@172.16.254.207 via 172.16.254.207
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<Output removed for the sake of space>
6. The firewall will load the operating system and boot. WARNING the operating system at this point is running in memory, NOT from flash, if you reboot it will attempt to load from flash memory again. (If you can access the flash memory ‘show flash’), then copy in the operating system from your TFTP server.
Petes-ASA# copy tftp disk0 Address or name of remote host []? 172.16.254.207 Source filename []? asa911-k8.bin Destination filename [disk0]? asa911-k8.bin Accessing tftp://172.16.254.207/asa911-k8.bin.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!! <Output removed for the sake of space> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!! Writing file disk0:asa911-k8.bin... !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!! <Output removed for the sake of space> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!! 8312832 bytes copied in 70.230 secs (118754 bytes/sec)
7. Make sure you can see the file in flash memory.
Petes-ASA# show flash Initializing disk0: cache, please wait....Done. -#- --length-- -----date/time------ path 6 6764544 Jan 01 2003 00:05:22 asa911-k8.bin <<<< 7 1868412 Jan 01 2003 00:05:48 securedesktop-asa-3.1.1.29-k9.pkg 8 398305 Jan 01 2003 00:06:04 sslclient-win-1.1.0.154.pkg 9 7495680 Apr 25 2007 14:41:54 asdm711-k8.bin 12 8312832 May 21 2007 13:29:08 asa722-k8.bin 13 5623108 May 21 2007 13:31:26 asdm-522.bin 224886784 bytes available (30539776 bytes used)
8. Set the new file as the default boot OS, and save the changes, then finally reboot the firewall.
Petes-ASA# configure terminal Petes-ASA(config)# boot system disk0:/asa911-k8.bin Petes-ASA(config)# write mem Building configuration... Cryptochecksum: b984ffbc dd77cdbf f2cd8d86 0b8f3f96
3965 bytes copied in 1.490 secs (3965 bytes/sec) [OK]
Petes-ASA(config)# reload Proceed with reload? [confirm]{Enter} Petes-ASA#
*** *** — START GRACEFUL SHUTDOWN — Shutting down isakmp Shutting down webvpn Shutting down License Controller Shutting down File system
*** *** — SHUTDOWN NOW —
9. The firewall will reboot, and load the new OS.
Related Articles, References, Credits, or External Links
NA