Archive

Posts Tagged ‘rommon’

Boot Image Recovery on a Cisco ASA Firewall

August 27, 2010 8 comments

I was performing some basic maintenance on a Cisco ASA5510 firewall. When I was finished performing the maintenance I proceeded to reload the device. Next thing you know the firewall went into a boot loop, not good! So I hooked up a console cable to figure out what was going on. It appears that somehow my software image had become corrupted and the ASA would not boot.

I was getting the following error message:

Error 15: File not found

Unable to boot an image

So I fired up the WiFi hotspot on my Motorola Droid and proceeded to download the appropriate software image from the Cisco Support website.

Here are the required steps to recover from a missing or corrupt boot image:

  • Connect a console cable from the ASA to your computer and open up a serial connection using Putty
  • Disable any software firewall on your computer
  • Install TFTP server software on your computer – I used Solarwinds TFTP server
  • Place the Cisco software image in the TFTP-Root folder (asa821-k8.bin) and start the TFTP service
  • Assign a static IP address to your computer – I used 192.168.20.1 (an address outside of my existing subnet)
  • Connect an Ethernet cable between your computer and port 0/0 on the ASA
  • Power off the ASA then power it back on
  • Press the escape key to boot into ROMMON mode
  • Enter the following commands in the ASA (the first part of these commands must be in caps)

    rommon #1> ADDRESS=192.168.20.10
    rommon #2> SERVER=192.168.20.1
    rommon #3> GATEWAY=192.168.20.1
    rommon #4> IMAGE=asa821-k8.bin
    rommon #5> PORT=Ethernet0/0

  • These commands assign an IP address of 192.168.20.10 to port 0/0 on the ASA and tell it to look at your TFTP server 192.168.20.1 and to select the ASA software image.
  • Next, execute the command to transfer the image from the TFTP server to the ASA

    rommon #6> tftp

Once the file transfer completes reboot the ASA and cross your fingers. If everything works the device should successfully reload and your existing configuration should remain intact.

%d bloggers like this: