Cisco ASA5500 Update System and ASDM (From CLI)

Do the same from the ASDM

KB ID 0000074

Problem

Below is a walkthrough for upgrading the OS image and ASDM using CLI, you will need a TFTP server up and running with the files sat in the TFTP servers upload directory. NOTE for updated ASA and ASDM software you need a valid Cisco CCO Login and support contract.

For information on Installing and using a TFTP Server CLICK HERE

Warning:

Before upgrading/updating the ASA to version 8.3 (or Higher) Check to see if you have the correct amount of RAM in the firewall (“show version” command will tell you). This is VERY IMPORTANT if your ASA was shipped before February 2010. See the link below for more information.

ASA – Memory Error (Post upgrade to version 8.3)

Warning 2:

Be aware, if you are upgrading to an OS of 8.4(2) or newer you can no longer access the device via SSH when using the default username of “pix” you need to enable AAA authentication for SSH, do this before you reboot/reload the firewall or you may lock yourself out.

ASA Enable AAA LOCAL Authentication for SSH

Solution

1. Login to the firewall via Telnet, Console Cable or SSH, then go to enable mode, type in the enable password.

[box]

ciscoasa> enable
Password:*********
ciscoasa#

[/box]

2. Copy the ASA software file from your TFTP server (in this case at IP ADDRESS 10.1.0.212) you will need to give it the name of the file (In this case asa722-k8.bin)

[box]

ciscoasa# copy tftp disk0

Address or name of remote host []? 10.1.0.212

Source filename []? asa722-k8.bin

Destination filename [disk0]? asa722-k8.bin

Accessing tftp://10.1.0.212/asa722-k8.bin.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

<<<<Removed lots for the sake of Space>>>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Writing file disk0:asa722-k8.bin… !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! <<<<Removed lots for the sake of Space>>>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 8312832 bytes copied in 70.230 secs (118754 bytes/sec) [/box]

3. Now using the same commands copy the new ASDM Image to the firewall (In this case asm-522.bin)

[box]

ciscoasa# copy tftp disk0

Address or name of remote host [10.1.0.212]?{Enter}

Source filename [asa722-k8.bin]? asdm-522.bin

Destination filename [disk0]? asdm-522.bin

Accessing tftp://10.1.0.212/asdm-522.bin.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

<<<<Removed lots for the sake of Space>>>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Writing file disk0:asdm-522.bin… !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! <<<<Removed lots for the sake of Space>>>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!! 5623108 bytes copied in 47.880 secs (119640 bytes/sec) [/box]

4. NOTE It it fails due to lack of space see step 9 below to see how to delete things from flash.

5. Make sure they are actually in there by issuing a show flash command.

[box]

 

ciscoasa(config)# show flash

Initializing disk0: cache, please wait….

Done. -#- –length– —–date/time—— path 6 6764544

Jan 01 2003 00:05:22 asa712-k8.bin 7 1868412

Jan 01 2003 00:05:48 securedesktop-asa-3.1.1.29-k9.pkg 8 398305

Jan 01 2003 00:06:04 sslclient-win-1.1.0.154.pkg 9 7495680

Apr 25 2007 14:41:54 asdm512-k8.bin 12 8312832

May 21 2007 13:29:08 asa722-k8.bin 13 5623108

May 21 2007 13:31:26 asdm-522.bin

224886784 bytes available (30539776 bytes used) [/box]

6. Now set the ASA to use the new OS when it Starts.

[box]

ciscoasa(config)# boot system disk0:/asa722-k8.bin

[/box]

7. Note sometimes it will keep the old one as well to remove it you can issue a “no boot system” command.

[box]

ciscoasa(config)# no boot system disk0:/asa712-k8.bin 

[/box]

8. You will now need to tell the ASA to use the NEW ASDM image. Then DONT FORGET to save the changes with a “write mem” command.

[box]

ciscoasa(config)# asdm image disk0:/asdm-522.bin
ciscoasa(config)# write mem
Building configuration...
Cryptochecksum: 6a88d6fc fef680b3 b86e1ae8 d768560f 

1515 bytes copied in 3.700 secs (505 bytes/sec) [OK] ciscoasa(config)#

[/box]

9. I will usually issue a “reload” command now and make sure the Firewall reboots OK, you can then delete the old image and ASDM with the following commands.

[box]

 

ciscoasa(config)# delete disk0:/asa712-k8.bin

Delete filename [asa712-k8.bin]?{Enter}

Delete disk0:/asa712-k8.bin? [confirm]{Enter}

ciscoasa(config)# delete disk0:/asdm512-k8.bin

Delete filename [asdm512-k8.bin]?{Enter}

Delete disk0:/asdm512-k8.bin? [confirm]{Enter}

[/box]  

Related Articles, References, Credits, or External Links

Update Cisco ASA – Directly from Cisco (via ASDM)

Originally written 09/11/09

Cisco ASA5500 Update System and ASDM (From ASDM)

Do the same from command line

KB ID 0000073

Problem

Below is a walkthrough for upgrading the OS image and ASDM using the ASDM, this method does not require access to a TFTP server.

Warning:

Before upgrading/updating the ASA to version 8.3 (or Higher) Check to see if you have the correct amount of RAM in the firewall (“show version” command will tell you). This is VERY IMPORTANT if your ASA was shipped before February 2010. See the link below for more information.

ASA – Memory Error (Post upgrade to version 8.3)

Warning 2:

Be aware, if you are upgrading to an OS of 8.4(2) or newer you can no longer access the device via SSH when using the default username of “pix” you need to enable AAA authentication for SSH, do this before you reboot/reload the firewall or you may lock yourself out.

ASA Enable AAA LOCAL Authentication for SSH

Solution

1. Firstly make sure you have the latest system and ASDM images on your PC, you will need a valid service agreement and a CCO login with Cisco to download them.

 

2. Connect to the ASDM either via the client software or a web page pointed to https://IP_OF_THE ASA (NOTE you need to be on an IP that’s allowed to connect to to the ASA.)

3. Tools > Upgrade software from Local Computer, or Upload Image on Local PC, on older versions.

4. Select “ASA Image” > Browse Local.

5. The image will upload, if it complains there is not enough space, the go to tools, file management and delete the old image (yes it’s safe to do that, as long as you don’t reboot the firewall or have a power cut).

6. ‘Yes’ to use the new image..

Note: On older versions o the ASDM you have to set this manually, (Configuration > Device Administration > Boot Image > Boot Config File Path Section > Browse Flash).

Note: On even older ASDM’s this is on the Properties Page

 

7. OK.

 

Update ASDM from the ASDM

8. Tools > Upgrade software from Local Computer, or Upload Image on Local PC, on older versions.

 

9. This time select ASDM > Browse to the ASDM image > Upload Image.

 

10. The new image will be uploaded to the firewall.

 

11. Yes.

Note: On older versions this needs to be set on Configuration > Device Administration > Boot Image > ASDM Image File Path Section > Browse Flash.

Note: On even older versions this is on the Properties Page.

 

12. OK > Save..

 

13. Tools > System Reload.

 

14. Select ASDM Image > Browse Local.

 

 

Related Articles, References, Credits, or External Links

Cisco ASA5500 Update System and ASDM (From CLI)