GNS3 – Can’t Save ASA Config – ‘%Error copying system:/running-config (Not enough space on device)’

KB ID 0000987

Problem

I love GNS3, it is a brilliant piece of software, I use it for bench testing and proof of concept work. Yes, it can be a bit clunky sometimes, but it’s FREE! I had a project open with about four ASAs on it, and it would not save the config on just one of them.

[box]

HostName(config)# copy running-config startup-config

Source filename [running-config]?
Cryptochecksum: fdf42190 76959bba 05a6a3d6 3f900005

%Error copying system:/running-config (Not enough space on device)
HostName(config)#

[/box]

[box]

HostName(config)# write mem
Building configuration...
Cryptochecksum: fdf42190 76959bba 05a6a3d6 3f900005

%Error copying system:/running-config (Not enough space on device)
Error executing command
[FAILED]
HostName(config)# 

[/box]

[box]

HostName(config)# copy running-config disk0:

Source filename [running-config]?

Destination filename [running-config]?
Cryptochecksum: fdf42190 76959bba 05a6a3d6 3f900005

%Error copying system:/running-config (Not enough space on device)
HostName(config)# 

[/box]

Solution

At first I simply deleted the ASA and added a new one, which annoyingly did the same. Then I read a post that said, do the following;

1. Open the configuration for the affected ASA.

2. Change the NIC Model to pcnet > Apply > OK > Stop the firewall > Start the Firewall.

HOWEVER, in my case the problem persisted; I eventually fixed it by formatting the virtual ASA’s flash drive.

3. Execute the following command;

[box]

HostName# format flash 

 

Format operation may take a while. Continue? [confirm]

Format operation will destroy all data in "flash:". Continue? [confirm]{Enter}
Initializing partition - hda: hda1
done!
mkdosfs 2.11 (12 Mar 2005)

System tables written to disk

Format of disk0 complete
HostName# 

[/box]

4. Power off, then power on the firewall, problem fixed.

Related Articles, References, Credits, or External Links

NA

Cisco Catalyst – %Error Deleting flash:/{name} (Is a directory)

KB ID 0001070 

Problem

Today I was upgrading a Cisco 3750 switch, and needed to free up some space in the flash memory to upload the new system image to. But when I tried to delete the current system file I got this error.

[box]

Petes-3750# dir
Directory of flash:/

2 -rwx 796 Mar 7 1993 01:15:49 +00:00 vlan.dat
3 drwx 192 Mar 1 1993 00:17:13 +00:00 c3750-ipservicesk9-mz.122-55.SE5
4 -rwx 5504 May 27 2015 10:23:47 +00:00 private-config.text
85 -rwx 3096 May 27 2015 10:23:47 +00:00 multiple-fs
86 -rwx 2544 Mar 1 1993 00:01:40 +00:00 config.backup
88 -rwx 4020 May 27 2015 10:23:47 +00:00 config.text

15998976 bytes total (2421248 bytes free)
Petes-3750(config-if)#exit

Petes-3750#delete flash:/c3750-ipservicesk9-mz.122-55.SE5
Delete filename [c3750-ipservicesk9-mz.122-55.SE5]?
Delete flash:/c3750-ipservicesk9-mz.122-55.SE5? [confirm]
%Error deleting flash:/c3750-ipservicesk9-mz.122-55.SE5 (Is a directory)

[/box]

Solution

Well the fact that the file name didn’t have ‘.bin’ on the end of it should have been a clue. Anyway, to delete the folder you need to use the force and recursive switches in your delete command (or you can use rmdir).

[box]

Petes-3750#delete /force /recursive flash:/c3750-ipservicesk9-mz.122-55.SE5
Petes-3750#dir
Directory of flash:/

2 -rwx 796 Mar 7 1993 01:15:49 +00:00 vlan.dat
4 -rwx 5504 May 27 2015 10:23:47 +00:00 private-config.text
85 -rwx 3096 May 27 2015 10:23:47 +00:00 multiple-fs
86 -rwx 2544 Mar 1 1993 00:01:40 +00:00 config.backup
88 -rwx 4020 May 27 2015 10:23:47 +00:00 config.text

15998976 bytes total (15981056 bytes free)
Petes-3750#

[/box]

Related Articles, References, Credits, or External Links

NA

Update Cisco ASA – Directly from Cisco (via ASDM)

KB ID 0000636 

Problem

Warning:

Before upgrading/updating the ASA to version 8.3 (or higher), check to see if you have the correct amount of RAM in the firewall (the “show version” command will tell you). This is VERY IMPORTANT if your ASA was shipped before February 2010. See the link below for more information.

ASA – Memory Error (Post upgrade to version 8.3)

Warning 2:

Be aware, if you are upgrading to an OS of 8.4(2) or newer, you can no longer access the device via SSH when using the default username of “pix”. You need to enable AAA authentication for SSH; do this before you reboot/reload the firewall or you may lock yourself out.

ASA Enable AAA LOCAL Authentication for SSH

It’s been a while since I wrote how to update the ASA by command line, and how to update the ASA from the ASDM. Now you can update the ASA directly from Cisco, providing you have a valid Cisco CCO account.

Solution

1. Connect to the ASDM on the ASA > Tools > Check for ASA/ASDM Updates.

2. Supply your Cisco CCO account information.

3. Next.

4. Decide if you want to update the OS of the ASA or the ASDM, or both.

5. Next.

6. The software will download. (The OS is downloading here), Note: it will get downloaded to the machine that the ASDM is running on first.

7. Then the ASDM software will download.

8. You may find that there is not enough room in flash memory; if so, you will see this error. (If it does not error, skip to step 11.)

9. If you are stuck for room you can delete some items from your flash memory > Tools > File Management.

10. Here you can see I’m deleting an old version of the ASDM. Note: you could delete the live version of the ASDM and operating system if you had no choice (THOUGH DON’T REBOOT THE FIREWALL until the new ones have uploaded, or you will be loading the files in ROMMON mode!)

11. Once all the files have been downloaded to your location, they will be uploaded to the firewall’s flash memory.

12. Next.

13. Finish.

Note: What happens now is the following commands are issued in the background automatically (note the version numbers may be different in your case).

[box]

asdm image disk0:/asdm-649.bin
no boot system disk0:/asa843-k8.bin
boot system disk0:/asa844-1-k8.bin
boot system disk0:/asa843-k8.bin

[/box]

14. After the firewall reboots, it should come back up with the new OS and ASDM version.

Related Articles, References, Credits, or External Links

Cisco ASA5500 Update System and ASDM (From CLI)

Cisco ASA5500 Update System and ASDM (From ASDM)

ASA TFTP Error – (Cannot allocate memory)

KB ID 0000787 

Problem

I updated my ASA to version 9.1(1) tonight, that went well, but when I tried to update the ASDM image to version 7.1(1)-52 this happened;

[box]

Accessing tftp://10.254.254.109/asdm-711-52.bin...!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
%Error writing disk0:/asdm-711-52.bin (Cannot allocate memory)
Petes-ASA#

[/box]

Solution

1. Initially I thought I’d just need to clear some junk out of the flash, but a spring clean didn’t help either. It turns out I needed to free up some RAM by disabling some stuff.

Note: I could also have booted to ROMMON mode, and copied the files into flash. (But I was too lazy to dig out a console cable and walk to the dining room).

[box]

Petes-ASA# configure terminal
Petes-ASA(config)# no threat-detection basic-threat
Petes-ASA(config)# no threat-detection statistics tcp-intercept
Petes-ASA(config)# no threat-detection statistics
Petes-ASA(config)# no webvpn
Petes-ASA(config)# wr mem
Building configuration...
Cryptochecksum: 7b4c70ea dddb5908 f288701a 070f323a

9622 bytes copied in 1.230 secs (9622 bytes/sec)
[OK]
Petes-ASA(config)#

[/box]

2. Then I could copy over the image successfully.

[box]

Petes-ASA(config)# copy tftp flash

Address or name of remote host []? 10.254.254.109

Source filename []? asdm-711-52.bin

Destination filename [disk0]? asdm-711-52.bin

Accessing tftp://10.1.0.212/asdm-711-52.bin..!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

<<<<Removed lots for the sake of Space>>>>

Writing file disk0:asdm-711-52.bin…
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
8312832 bytes copied in 70.230 secs (118754 bytes/sec)

Petes-ASA(config)# asdm image disk0:/asdm-711-52.bin

[/box]

3. Then turn everything back on again, and save the changes.

[box]

Petes-ASA(config)# threat-detection basic-threat
Petes-ASA(config)# threat-detection statistics tcp-intercept
Petes-ASA(config)# threat-detection statistics
Petes-ASA(config)# webvpn
Petes-ASA(config)# wr mem
Cryptochecksum: 7b4c70ee dddb5999 f288701a 070f323a

9622 bytes copied in 1.230 secs (9622 bytes/sec)
[OK]
Petes-ASA(config)#

[/box]

Related Articles, References, Credits, or External Links

NA

CentOS – Install and Configure a TFTP Server

KB ID 0000998

Problem

I needed to back up a Cisco firewall, and perform an upgrade remotely. Despite my best efforts to use the ASDM and update via HTTP, I had to go ‘old school’ and bring up a TFTP server on one of my CentOS Linux servers.

Solution

1. Log onto the server and install the xinetd TFTP Server. Execute the following command and follow the on-screen prompts.

[box]Using username “root”.
Last login: Thu Aug 7 17:58:10 2014 from midd-8.cable.virginm.net
[root@Web-Test ~]# yum install tftp tftp-server xinetd[/box]

2. Now you need to edit the config file, here I’m using nano, but you could use vi as well.

[box][root@Web-Test ~]# nano /etc/xinetd.d/tftp[/box]

3. When you open the file it will look like this;

[box]

# default: off
# description: The tftp server serves files using the trivial file transfer
#       protocol.  The tftp protocol is often used to boot diskless
#       workstations, download configuration files to network-aware printers,
#       and to start the installation process for some operating systems.
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /var/lib/tftpboot
        disable                 = yes
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}  

[/box]

4. Edit the file and save it, so it looks like this;

[box]

# default: off
# description: The tftp server serves files using the trivial file transfer
#       protocol.  The tftp protocol is often used to boot diskless
#       workstations, download configuration files to network-aware printers,
#       and to start the installation process for some operating systems.
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -c -s /var/lib/tftpboot
        disable                 = no
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}

[/box]

5. Set the permissions on the tftp folder.

[box][root@Web-Test ~]# chmod 777 /var/lib/tftpboot[/box]

Note: if you run SELinux you may also need to execute the following command, ‘setsebool -P tftp_anon_write 1’.

WARNING: This enables anonymous access on the TFTP root folder. If your server is public facing and not firewalled, then I would suggest you do what I do (stop and start the service manually, and only open the firewall for TFTP when you need to use it – see below).

6. If you use iptables as a firewall, you will need to open the TFTP port (UDP Port 69).

[box][root@Web-Test ~]# iptables -I INPUT -p udp --dport 69 -j ACCEPT[/box]

7. Start the xinetd service.

[box][root@Web-Test ~]# /etc/init.d/xinetd start
Starting xinetd:[ OK ][/box]

8. If you want the service to always be running, (see my warning above) then use the following command.

[box][root@Web-Test ~]# chkconfig xinetd on[/box]

9. Let’s give it a test; from my Cisco device let’s see if I can back up the config to this server.

[box]

Petes-ASA# copy run tftp

Source filename [running-config]?

Address or name of remote host []? 123.123.123.123

Destination filename [running-config]?
Cryptochecksum: 9d4006ed 0bb1d39c fe61da22 91222a76
!!!
9284 bytes copied in 2.130 secs (4642 bytes/sec)
Petes-ASA#

[/box]

10. I could SSH into the server and change to the /var/lib/tftpboot directory and see the file. But I’ve got WinSCP installed so I can view the backup with that.

11. Let’s see if we can copy a file off the TFTP server back to the firewall.

[box]

Petes-ASA# copy tftp flash

Address or name of remote host []? 123.123.123.123

Source filename []? asa915-k8.bin

Destination filename [asa915-k8.bin]?

Accessing tftp://123.123.123.123/asa915k8.bin…!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file disk0:/asa915-k8.bin…
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
27113472 bytes copied in 845.110 secs (32086 bytes/sec)
Petes-ASA#

[/box]

12. Now, unless you are leaving xinetd running, let’s turn it off.

[box][root@Web-Test ~]# /etc/init.d/xinetd stop
Stopping xinetd: [ OK ][/box]

13. If you are running iptables and have opened the TFTP port, I like to close that as well.

Note: It is possible to see that the port is open even if there is no service running on it, that’s why I close it down.

[box][root@Web-Test ~]# iptables -D INPUT -p udp --dport 69 -j ACCEPT[/box]
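The open, start, transfer, stop, close sequence from steps 6, 7, 12 and 13 can be wrapped so that the port and the service are always shut again, even if the session is interrupted. This is an added example, not part of the original article; the function names, the DRY_RUN switch, the 900 second default and the `-s` restriction to the device's own address are assumptions.

```shell
# Added example: open TFTP for ONE device for a limited time, then always
# stop xinetd and remove the rule. Usage (as root): tftp-window.sh <ip> [secs]
# Set DRY_RUN=1 to print the commands instead of running them.

# iptables match for the single device allowed to reach UDP 69.
# The -s restriction is an addition; the article's rule accepts any source.
rule_spec() {
    printf '%s' "-p udp -s $1 --dport 69 -j ACCEPT"
}

# Accept only dotted-quad IPv4 so nothing else reaches the iptables command.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

run() {
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "+ $*"; else "$@"; fi
}

open_window() {
    run iptables -I INPUT $(rule_spec "$1")
    run /etc/init.d/xinetd start
}

close_window() {
    run /etc/init.d/xinetd stop
    run iptables -D INPUT $(rule_spec "$1")
}

tftp_window() {
    device=$1; seconds=${2:-900}
    valid_ipv4 "$device" || { echo "not an IPv4 address: $device" >&2; return 2; }
    trap 'close_window "$device"' EXIT   # runs on normal exit and after Ctrl-C
    trap 'exit 130' INT TERM
    open_window "$device"
    run sleep "$seconds"
}

if [ "$#" -gt 0 ]; then tftp_window "$@"; fi
```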

Related Articles, References, Credits, or External Links

NA