I love GNS3, it is a brilliant piece of software, I use it for bench testing and proof of concept work. Yes is can be a bit clunky sometimes, but it’s FREE! I had a project open with about four ASA’s on it, and it would not save the config on just one of them.
2. Change the NIC Model to pcnet > Apply > OK > Stop the firewall > Start the Firewall.
HOWEVER, in my case the problem persisted, I eventually fixed it by formatting the virtual ASA’s flash drive.
3. Execute the following command;
[box]
HostName# format flash
Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in "flash:". Continue? [confirm]{Enter}
Initializing partition - hda: hda1
done!
mkdosfs 2.11 (12 Mar 2005)
System tables written to disk
Format of disk0 complete
HostName#
[/box]
4. Power off, then power on the firewall, problem fixed.
Related Articles, References, Credits, or External Links
Today I was upgrading a Cisco 3750 switch, and needed to free up some space in the flash memory to upload the new system image to. But when I tried to delete the current system file I got this error.
[box]
Petes-3750# dir
Directory of flash:/
2 -rwx 796 Mar 7 1993 01:15:49 +00:00 vlan.dat
3 drwx 192 Mar 1 1993 00:17:13 +00:00 c3750-ipservicesk9-mz.122-55.SE5
4 -rwx 5504 May 27 2015 10:23:47 +00:00 private-config.text
85 -rwx 3096 May 27 2015 10:23:47 +00:00 multiple-fs
86 -rwx 2544 Mar 1 1993 00:01:40 +00:00 config.backup
88 -rwx 4020 May 27 2015 10:23:47 +00:00 config.text
15998976 bytes total (2421248 bytes free)
Petes-3750(config-if)#exit
Petes-3750#delete flash:/c3750-ipservicesk9-mz.122-55.SE5
Delete filename [c3750-ipservicesk9-mz.122-55.SE5]?
Delete flash:/c3750-ipservicesk9-mz.122-55.SE5? [confirm]
%Error deleting flash:/c3750-ipservicesk9-mz.122-55.SE5 (Is a directory)
[/box]
Solution
Well the fact that the file name didn’t have ‘.bin’ on the end of it should have been a clue. Anyway to delete the folder you need to use the force and recursive switches in your delete command, (or you can use rmdir).</p?
[box]
Petes-3750#delete /force /recursive flash:/c3750-ipservicesk9-mz.122-55.SE5
Petes-3750#dir
Directory of flash:/
2 -rwx 796 Mar 7 1993 01:15:49 +00:00 vlan.dat
4 -rwx 5504 May 27 2015 10:23:47 +00:00 private-config.text
85 -rwx 3096 May 27 2015 10:23:47 +00:00 multiple-fs
86 -rwx 2544 Mar 1 1993 00:01:40 +00:00 config.backup
88 -rwx 4020 May 27 2015 10:23:47 +00:00 config.text
15998976 bytes total (15981056 bytes free)
Petes-3750#
[/box]
Related Articles, References, Credits, or External Links
Before upgrading/updating the ASA to version 8.3 (or Higher) Check to see if you have the correct amount of RAM in the firewall (“show version” command will tell you). This is VERYIMPORTANT if your ASA was shipped before February 2010. See the link below for more information.
Be aware, if you are upgrading to an OS of 8.4(2) or newer you can no longer access the device via SSH when using the default username of “pix” you need to enable AAA authentication for SSH, do this before you reboot/reload the firewall or you may lock yourself out.
8. You may find that there is not enough room in flash memory, if so you will see this error. (if it does not error skip to step 11).
9. If you are stuck for room you can delete some items from your flash memory > Tools > File Management.
10. Here you can see I’m deleting and old version of the ASDM. Note you could delete the live version of the ASDM and Operating system if you had no choice (THOUGH DONT REBOOT THE FIREWALL until the new ones have uploaded, or you will be loading the files in in ROMMON mode!)
11. Once all the files have been downloaded to your location, they will be uploaded to the firewalls flash memory.
12. Next.
13. Finish.
Note: What happens now is the following commands are issued in the background automatically; (Note the versions numbers may be different in your case).
[box]
asdm image disk0:/asdm-649.bin
no boot system disk0:/asa843-k8.bin
boot system disk0:/asa844-1-k8.bin
boot system disk0:/asa843-k8.bin
[/box]
14. After the firewall reboots, it should come back up with the new OS and ASDM version.
Related Articles, References, Credits, or External Links
1. Initially I thought I’d just need to clear some junk out of the flash, but a spring clean didn’t help either, turns out I need to free up some RAM by disabling some stuff.
Note: I could also have booted to ROMMON mode, and copied the files into flash. (But I was too lazy to dig out a console cable and walk to the dining room).
[box]
Petes-ASA)# configure terminal
Petes-ASA(config)# no threat-detection basic-threat
Petes-ASA(config)# no threat-detection statistics tcp-intercept
Petes-ASA(config)# no threat-detection statistics
Petes-ASA(config)# no webvpn
Petes-ASA(config)# wr mem
Building configuration...
Cryptochecksum: 7b4c70ea dddb5908 f288701a 070f323a
9622 bytes copied in 1.230 secs (9622 bytes/sec)
[OK]
Petes-ASA(config)#
I needed to back up a Cisco firewall, and perform an upgrade remotely, despite my best efforts to use the ASDM and update via http, I had to go ‘old school’ and bring up a TFTP server on one of my CentOS Linux servers.
Solution
1. Log onto the server and install the xinetd TFTP Server. Execute the following command and follow the on-screen prompts.
[box]Using username “root”.
Last login: Thu Aug 7 17:58:10 2014 from midd-8.cable.virginm.net
[root@Web-Test ~]# yum install tftp tftp-server xinetd[/box]
2. Now you need to edit the config file, here I’m using nano, but you could use vi as well.
# default: off
# description: The tftp server serves files using the trivial file transfer
# protocol. The tftp protocol is often used to boot diskless
# workstations, download configuration files to network-aware printers,
# and to start the installation process for some operating systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /var/lib/tftpboot
disable = yes
per_source = 11
cps = 100 2
flags = IPv4
}
[/box]
4. Edit the file and save it, so it looks like this;
[box]
# default: off
# description: The tftp server serves files using the trivial file transfer
# protocol. The tftp protocol is often used to boot diskless
# workstations, download configuration files to network-aware printers,
# and to start the installation process for some operating systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -c -s /var/lib/tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}
Note: if you run SELinux you may also need to execute the following command, ‘setsebool -P tftp_anon_write 1‘.
WARNINIG: This enables anonymous access on the TFTP root folder, if your server is public facing and not firewalled, then I would suggest you do what I do, (stop and start the service manually, and only open the firewall for TFTP when you need to use it – see below).
6. If you use iptables as a firewall, you will need to open the TFTP port (UDP Port 69).
10. I could SSH into the server and change to the /var/lib/tftpboot directory and see the file. But I’ve got WinSCP installed so I can view the backup with that.
11. Let’s see if we can copy a file off the TFTP server back to the firewall.
[box]
Petes-ASA# copy tftp flash
Address or name of remote host []? 123.123.123.123