Jump to content



Photo

Cisco ASA hangs after loading image


  • Please log in to reply
23 replies to this topic

#1 Walid W.

Walid W.

    Neowinian

  • Tech Issues Solved: 3
  • Joined: 19-July 08
  • Location: Lost somewhere in Sweden
  • OS: Ubuntu, Debian, Backtrack 5r, Windows 7 & XP
  • Phone: iPhone 3GS, iPhone 4s & HTC One

Posted 12 June 2014 - 15:51

Hi guys,

 

Long story short, few days ago I couldn't ssh to my firewall so I thought I can restart and it should work but after the restart it started hanging and I couldn't do anything, so I got into rommon mode and erased everything from flash thinking the image is probably corrupted and I can restore a new image from tftp and then copy my configuration and everything will be fine again, BUT I was never more wrong. lol

 

Now I can transfer the image but when it tries to load the image it just hangs and nothing happens. I thought of trying another flash but the same thing and if it had another hardware problem it wouldnt boot into rommon mode, or I am wrong here? So I thought of posting here and probably some of you know what the problem might be as I am clueless and I need my firewall back :(




#2 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 25
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 12 June 2014 - 16:22

May have to go inside and take a look around, you may have some damage to the board or power supply causing issues (similar to a computer with exploded capacitors).  If this is the case, hopefully you have a backup config and can get a new on in there quick/have smartnet on it.



#3 OP Walid W.

Walid W.

    Neowinian

  • Tech Issues Solved: 3
  • Joined: 19-July 08
  • Location: Lost somewhere in Sweden
  • OS: Ubuntu, Debian, Backtrack 5r, Windows 7 & XP
  • Phone: iPhone 3GS, iPhone 4s & HTC One

Posted 12 June 2014 - 16:29

I actually opened it but didn't find anything wrong or there was not much to look at. Nope, there is smartnet on it so either I fix this or buy another one. :(

 

As for backup I have backed it up when I upgraded to 2.1 which now supports BGP, not that I will ever be using it at home. :D



#4 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 25
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 12 June 2014 - 16:49

What happens if you do the break sequence and load reload the default firmware.  did you fill the memory of the box by having too many firmware revisions on it?



#5 OP Walid W.

Walid W.

    Neowinian

  • Tech Issues Solved: 3
  • Joined: 19-July 08
  • Location: Lost somewhere in Sweden
  • OS: Ubuntu, Debian, Backtrack 5r, Windows 7 & XP
  • Phone: iPhone 3GS, iPhone 4s & HTC One

Posted 12 June 2014 - 17:06

No there was only the one I was using and I don't usually keep the old firmwares, which in my case now was a big mistake. I should have had two images in case one is corrupted it could boot from the other one, but you learn from your mistakes. There is nothing in the flash now as I wiped it out so it doesn't boot. I just tried to change the RAM but still having the same problems.

 

Here is the output:

tftp asa903-k8.bin@10.2.2.150 via 10.2.2.150
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (the rest is cut)

Launching TFTP Image...


#6 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 25
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 12 June 2014 - 17:13

you know it can take 15 minutes right?



#7 OP Walid W.

Walid W.

    Neowinian

  • Tech Issues Solved: 3
  • Joined: 19-July 08
  • Location: Lost somewhere in Sweden
  • OS: Ubuntu, Debian, Backtrack 5r, Windows 7 & XP
  • Phone: iPhone 3GS, iPhone 4s & HTC One

Posted 12 June 2014 - 17:17

The other day I left it for more than 10 hours and nothing happened and no I didn't know that actually.

 

EDIT: I got this now after 30 min:

i2c_read_byte_w_wait() error, slot = 0x0, device = 0xa0, address = 0 byte count = 1. Reason: I2C_HOST_BUSY_ERROR
platform_init_from_idprom: i2c_error 5

Cisco Security Appliance admin loader (3.0) #0: Fri Jul 19 16:38:00 PDT 2013

Edit 1: I found this and I guess I have to look for a replacement. :(

https://supportforum...y-asa-5505-dead



#8 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 25
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 12 June 2014 - 18:14

btw smartnet may be cheaper then buying a new one.  3 year is about 1/2 the price of a new one, 1 year maybe 100 usd..if using a 5505. 



#9 OP Walid W.

Walid W.

    Neowinian

  • Tech Issues Solved: 3
  • Joined: 19-July 08
  • Location: Lost somewhere in Sweden
  • OS: Ubuntu, Debian, Backtrack 5r, Windows 7 & XP
  • Phone: iPhone 3GS, iPhone 4s & HTC One

Posted 12 June 2014 - 18:31

You are right and I can buy a used one too for that. Anyway, I found this and it seems this is only for 10 users and mine has security plus which means I will pay more for the smartnet. :/

 

http://www.ithsc.com...3-p-154968.html



#10 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 25
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 12 June 2014 - 18:39

All you can do is price it out and see. At the very least you will have another on with support if you go the smart net route. If you buy used you will not have any support.

#11 OP Walid W.

Walid W.

    Neowinian

  • Tech Issues Solved: 3
  • Joined: 19-July 08
  • Location: Lost somewhere in Sweden
  • OS: Ubuntu, Debian, Backtrack 5r, Windows 7 & XP
  • Phone: iPhone 3GS, iPhone 4s & HTC One

Posted 12 June 2014 - 18:42

Yeah. We have a used one at the office 5510 that we don't use now. I will talk to my boss and see if I can have it or borrow it (forever) lol



#12 n_K

n_K

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 19-March 06
  • Location: here.
  • OS: FreeDOS
  • Phone: Nokia 3315

Posted 12 June 2014 - 18:43

Let me get this right, it's about one year old and it's dead already?
There is no excuse for that other than incredibly ###### poor build quality or cheap-as-crap parts.

RMA it and get a refund if you can. That'd stop me ever using cisco again.



#13 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 25
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 12 June 2014 - 19:00

there aren't many failures with cisco asa's.  this isn't the norm.  I have had more cisco switches fail than the firewalls I have put in. 



#14 vetneufuse

neufuse

    Neowinian Senior

  • Joined: 16-February 04

Posted 12 June 2014 - 19:02

Let me get this right, it's about one year old and it's dead already?
There is no excuse for that other than incredibly ###### poor build quality or cheap-as-crap parts.

RMA it and get a refund if you can. That'd stop me ever using cisco again.

wow talk about a way to over react to something that could be a simple flaw any hardware device could have... could be as simple as a tftp boot loader issue... which they can't fix on site without the right equipment... consumer level devices can usually fix that stuff with JTAG's but at the cisco and other enterprise level tis a lot harder to do



#15 n_K

n_K

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 19-March 06
  • Location: here.
  • OS: FreeDOS
  • Phone: Nokia 3315

Posted 12 June 2014 - 19:30

wow talk about a way to over react to something that could be a simple flaw any hardware device could have... could be as simple as a tftp boot loader issue... which they can't fix on site without the right equipment... consumer level devices can usually fix that stuff with JTAG's but at the cisco and other enterprise level tis a lot harder to do

It's not though, the error indicates there's an I2C problem (2 wire data transfer bus) with what looks like an ID ROM... There is no excuse for a read only ROM via I2C to die within even 20 years. Dieing within a single year is outright ridiculous.