Home > Cisco Networking > Boot Image Recovery on a Cisco ASA Firewall

Boot Image Recovery on a Cisco ASA Firewall


I was performing some basic maintenance on a Cisco ASA5510 firewall. When I was finished performing the maintenance I proceeded to reload the device. Next thing you know the firewall went into a boot loop, not good! So I hooked up a console cable to figure out what was going on. It appears that somehow my software image had become corrupted and the ASA would not boot.

I was getting the following error message:

Error 15: File not found

Unable to boot an image

So I fired up the WiFi hotspot on my Motorola Droid and proceeded to download the appropriate software image from the Cisco Support website.

Here are the required steps to recover from a missing or corrupt boot image:

  • Connect a console cable from the ASA to your computer and open up a serial connection using Putty
  • Disable any software firewall on your computer
  • Install TFTP server software on your computer – I used Solarwinds TFTP server
  • Place the Cisco software image in the TFTP-Root folder (asa821-k8.bin) and start the TFTP service
  • Assign a static IP address to your computer – I used 192.168.20.1 (an address outside of my existing subnet)
  • Connect an Ethernet cable between your computer and port 0/0 on the ASA
  • Power off the ASA then power it back on
  • Press the escape key to boot into ROMMON mode
  • Enter the following commands in the ASA (the first part of these commands must be in caps)

    rommon #1> ADDRESS=192.168.20.10
    rommon #2> SERVER=192.168.20.1
    rommon #3> GATEWAY=192.168.20.1
    rommon #4> IMAGE=asa821-k8.bin
    rommon #5> PORT=Ethernet0/0

  • These commands assign an IP address of 192.168.20.10 to port 0/0 on the ASA and tell it to look at your TFTP server 192.168.20.1 and to select the ASA software image.
  • Next, execute the command to transfer the image from the TFTP server to the ASA

    rommon #6> tftp

Once the file transfer completes reboot the ASA and cross your fingers. If everything works the device should successfully reload and your existing configuration should remain intact.

Advertisements
  1. Dave
    August 27, 2010 at 10:56 am

    This post saved my a$$ Thank you!

  2. August 28, 2010 at 1:54 pm

    wow your website is very beautifull, I like this site, please visit my site

  3. mamang
    June 20, 2011 at 7:01 pm

    does anyone have this asa821-k8.bin image for cisco asa 5510?

  4. Shane Dias
    November 25, 2011 at 7:48 am

    I have a ASA 5505. The tftp download does work, but each time the appliance is restarted it the exact same message all over again “unable to boot image.” Does anyone have any suggestions?

  5. Scott
    December 21, 2012 at 11:15 am

    Try this after you load the image as instructed above.

    PetesASA# configure terminal
    PetesASA(config)# asdm image disk0:/asdm-631.bin
    PetesASA(config)# write mem
    Building configuration…
    Cryptochecksum: 9c4700fe 475d22c4 13442d06 b0317c89
    9878 bytes copied in 1.550 secs (9878 bytes/sec)
    [OK]
    PetesASA(config)#reload

  6. Scott
    December 21, 2012 at 11:17 am

    dismiss the first 2 lines of code just write mem.

  7. May 18, 2013 at 11:49 pm

    Hello, i think that i noticed you visited my site so
    i got here to go back the favor?.I’m trying to find things to improve my site!I assume its ok to make use of some of your ideas!!

  8. May 19, 2013 at 3:36 am

    thank you very much..this is very helpful to me….

  1. No trackbacks yet.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: