KB ID 0001377
Problem
Cisco ASA firewalls have had USB sockets on them for a while, but a dig into the documentation only yielded, ‘for use in future releases’. Well they are working now!
Note: Firewall shown is a 5516-X (running version 9.8(1))
Solution
Your drive needs to be formatted as FAT (not NTFS). I’m going to update/install some AnyConnect client software, but there’s nothing to stop you uploading new IOS or ASDM images.
Your drive will get mounted as ‘Drive1’ (unless you have a secondary flash drive onboard already).
[box]
PetesASA(config)# show disk1
--#-- --length-- -----date/time------ path
394 20130794 Sep 13 2017 10:52:40 anyconnect-linux64-4.5.01044-webdeploy-k9.pkg
395 4096 Dec 05 2017 09:40:28 ._anyconnect-linux64-4.5.01044-webdeploy-k9.pkg
396 22997589 Sep 13 2017 10:53:14 anyconnect-macos-4.5.01044-webdeploy-k9.pkg
397 4096 Dec 05 2017 09:40:36 ._anyconnect-macos-4.5.01044-webdeploy-k9.pkg
398 35122744 Sep 13 2017 10:54:12 anyconnect-win-4.5.01044-webdeploy-k9.pkg
399 4096 Dec 05 2017 09:40:46 ._anyconnect-win-4.5.01044-webdeploy-k9.pkg
2004582400 bytes total (1926103040 bytes free)
PeteASA(config)#
[/box]
Note: I have seen drives not get recognised, like so:
[box]
Petes-ASA# Extra storage device is not supported.
Petes-ASA# show disk1
--#-- --length-- -----date/time------ path
No files in directory
[/box]
If that happens to you, you will need to reload the ASA (assuming the drive is formatted correctly) before it will be recognised.
You can then copy the files to the main flash (disk0:).
[box]
PeteASA(config)# copy disk1:/anyconnect-linux64-4.5.01044-webdeploy-k9.pkg disk0:
Source filename [anyconnect-linux64-4.5.01044-webdeploy-k9.pkg]? {Enter}
Destination filename [anyconnect-linux64-4.5.01044-webdeploy-k9.pkg]?{Enter}
Copy in progress...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
INFO: No digital signature found
20130794 bytes copied in 1.560 secs (20130794 bytes/sec)
PetesASA(config)#
[/box]
To confirm the file is now in the main ‘flash’:
[box]
PetesASA(config)# show flash
--#-- --length-- -----date/time------ path
96 104489760 Sep 13 2017 14:11:34 asa981-lfbff-k8.SPA
97 26916068 Sep 13 2017 14:11:54 asdm-781.bin
98 33 Dec 05 2017 02:29:03 .boot_string
11 4096 Sep 13 2017 14:15:24 log
13 500 Dec 05 2017 01:59:00 log/asa-appagent.log
21 4096 Sep 13 2017 14:16:16 crypto_archive
22 4096 Sep 13 2017 14:16:18 coredumpinfo
23 59 Sep 13 2017 14:16:18 coredumpinfo/coredump.cfg
99 41848832 Nov 15 2017 07:01:54 asasfr-5500x-boot-6.2.2-3.img
408 20130794 Dec 05 2017 02:44:59 anyconnect-linux64-4.5.01044-webdeploy-k9.pkg
7365472256 bytes total (3948736512 bytes free)
[/box]
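The copy above reports ‘INFO: No digital signature found’, and the disk1 listing also carries macOS ‘._’ sidecar files, so it is worth checking the drive on your workstation before it goes anywhere near the firewall. The script below is an added example, not part of the original article or any Cisco tooling: it hashes every file on the mounted USB drive and compares it with a manifest of SHA-512 values you have recorded from the vendor download page. The manifest layout (sha512sum style) and all function names are assumptions, and the demo files are constructed stand-ins.

```python
import hashlib
import tempfile
from pathlib import Path

def sha512_of(path, chunk=1 << 20):
    """Stream a file through SHA-512 so large images are not read into RAM."""
    digest = hashlib.sha512()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def load_manifest(text):
    """Parse 'hexdigest  filename' lines (sha512sum layout, an assumption)."""
    expected = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            digest, name = line.split(None, 1)
            expected[name.strip().lstrip("*")] = digest.lower()
    return expected

def audit_usb(root, expected):
    """Sort each file on the drive into ok, mismatch, unlisted or appledouble."""
    report = {k: [] for k in ("ok", "mismatch", "unlisted", "appledouble")}
    for path in sorted(p for p in Path(root).iterdir() if p.is_file()):
        if path.name.startswith("._"):      # macOS sidecar file, not a package
            report["appledouble"].append(path.name)
        elif path.name not in expected:     # no recorded hash to compare with
            report["unlisted"].append(path.name)
        elif sha512_of(path) == expected[path.name]:
            report["ok"].append(path.name)
        else:
            report["mismatch"].append(path.name)
    report["missing"] = sorted(set(expected) - set(report["ok"] + report["mismatch"]))
    return report

def demo():  # audits constructed stand-in files, not real Cisco images
    win = "anyconnect-win-4.5.01044-webdeploy-k9.pkg"
    mac = "anyconnect-macos-4.5.01044-webdeploy-k9.pkg"
    manifest = "\n".join(f"{hashlib.sha512(body).hexdigest()}  {name}"
                         for name, body in ((win, b"win"), (mac, b"mac")))
    with tempfile.TemporaryDirectory() as usb:
        Path(usb, win).write_bytes(b"win")
        Path(usb, mac).write_bytes(b"mac-altered")    # simulated corruption
        Path(usb, "._" + win).write_bytes(b"\x00" * 16)
        return audit_usb(usb, load_manifest(manifest))

if __name__ == "__main__":
    print(demo())
```

Only copy files that land in ‘ok’; anything in ‘mismatch’ or ‘unlisted’ should be re-downloaded or removed from the drive first.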
Related Articles, References, Credits, or External Links
NA
Your posts are spot on. I am new to firewalls (ASA 5525X w/firepower) and ASDM and I find your notes the most concise and useful out there. Thank you very much for your time and effort.
I have many to configure and have to do them manually, including sfr. Quite the pain.
Thanks for the feedback 🙂
How to back up ASA and reload a cold spare with a USB Drive
With USB drive in primary ASA:
PuTTY into primary ASA and log into the ASA
CLI | Elevate to enable and then Elevate to config terminal
CLI | show disk1: to make sure it is empty
CLI | dir to display the current directory content (should be disk0:/)
CLI | copy running-config disk0:/
CLI | will prompt you…
CLI | Source filename [running-config]? PRESS ENTER
CLI | Destination filename [running-config]? NAMEYOUWANT and PRESS ENTER
CLI | dir and look for NAMEYOUWANT filename w/current date
CLI | copy disk0:/NAMEYOUWANT disk1:
CLI | Source filename [NAMEYOUWANT]? PRESS ENTER
CLI | Destination filename [NAMEYOUWANT]? PRESS ENTER
———————————————————————
also repeat copy of the current ASA and ASDM software files if needed
———————————————————————
CLI | show disk1: to verify all needed files are listed
exit PuTTY session and proceed to Cold Spare update
*********************************************************************
Insert the USB in the Cold Spare
Establish WebEx (on a laptop on WiFi Hotspot) connected to the Cold Spare with a console cable
Make sure PuTTY is installed on the laptop
Check devices on the computer to discover the COM port with ASA
PuTTY to COM port and log into the ASA
CLI | Elevate to enable and then Elevate to config terminal
CLI | dir to display the current directory content (should be disk0:/)
CLI | show disk1: for filename list to copy from USB
CLI | copy disk1:/filename disk0:
do the same for each file to copy
CLI | show flash to verify successful copies
CLI | show running-config boot system
you will see a list of up to 4 boot files in order of selection
CLI | no boot system disk0:/filename
do this for each file to remove from the boot files in the sequence
———————————————————————–
& another option is
CLI | clear configure boot
———————————————————————–
CLI | boot system disk0:/filename
for first file to have in boot sequence and do this for each file to follow in order, if needed
———————————————————————–
& another option is to set the file to boot with
CLI | boot config disk0:/filename
———————————————————————–
CLI | reload
to initiate the ASA system reload (reboot)
When the system prompts for username: it is back up, log into the ASA
CLI | Elevate to enable and then Elevate to config terminal
CLI | show flash
or whatever else to verify your work
This is GREAT HELP !!!
Thanks Much !!