nabz0r (Veteran), posted June 12, 2014:
Hi guys,
Long story short, a few days ago I couldn't ssh to my firewall, so I thought I could restart it and it should work, but after the restart it started hanging and I couldn't do anything. So I got into rommon mode and erased everything from flash, thinking the image was probably corrupted and I could restore a new image from tftp and then copy my configuration and everything would be fine again, BUT I was never more wrong. lol
Now I can transfer the image, but when it tries to load the image it just hangs and nothing happens. I thought of trying another flash but got the same thing, and if it had another hardware problem it wouldn't boot into rommon mode, or am I wrong here?
So I thought of posting here, as some of you probably know what the problem might be. I am clueless and I need my firewall back :(
sc302 (Veteran), posted June 12, 2014:
May have to go inside and take a look around; you may have some damage to the board or power supply causing issues (similar to a computer with exploded capacitors). If this is the case, hopefully you have a backup config and can get a new one in there quick/have smartnet on it.
nabz0r (Veteran, Author), posted June 12, 2014:
I actually opened it but didn't find anything wrong, or there was not much to look at. Nope, there is smartnet on it so either I fix this or buy another one. :(
As for backup, I backed it up when I upgraded to 2.1, which now supports BGP, not that I will ever be using it at home. :D
sc302 (Veteran), posted June 12, 2014:
What happens if you do the break sequence and reload the default firmware? Did you fill the memory of the box by having too many firmware revisions on it?
nabz0r (Veteran, Author), posted June 12, 2014:
No, there was only the one I was using and I don't usually keep the old firmwares, which in my case now was a big mistake. I should have had two images so that in case one is corrupted it could boot from the other one, but you learn from your mistakes. There is nothing in the flash now as I wiped it out, so it doesn't boot. I just tried to change the RAM but I'm still having the same problems.
Here is the output:
tftp asa903-k8.bin@10.2.2.150 via 10.2.2.150
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (the rest is cut)
Launching TFTP Image...
sc302 (Veteran), posted June 12, 2014:
You know it can take 15 minutes, right?
nabz0r (Veteran, Author), posted June 12, 2014:
The other day I left it for more than 10 hours and nothing happened, and no, I didn't know that actually.
EDIT: I got this now after 30 min:
i2c_read_byte_w_wait() error, slot = 0x0, device = 0xa0, address = 0 byte count = 1. Reason: I2C_HOST_BUSY_ERROR
platform_init_from_idprom: i2c_error 5
Cisco Security Appliance admin loader (3.0) #0: Fri Jul 19 16:38:00 PDT 2013
Edit 1: I found this and I guess I have to look for a replacement. :(
https://supportforums.cisco.com/discussion/11000121/my-asa-5505-dead
sc302 (Veteran), posted June 12, 2014:
Btw, smartnet may be cheaper than buying a new one. 3 year is about 1/2 the price of a new one, 1 year maybe 100 usd, if using a 5505.
nabz0r (Veteran, Author), posted June 12, 2014:
You are right and I can buy a used one too for that. Anyway, I found this and it seems this is only for 10 users and mine has security plus which means I will pay more for the smartnet. :/
http://www.ithsc.com/ciscohardwaremaintenance/SMARTnet-8x5xNBD-CON-SNT-AS5BUNK9-153-p-154968.html
sc302 (Veteran), posted June 12, 2014:
All you can do is price it out and see. At the very least you will have another one with support if you go the smartnet route. If you buy used you will not have any support.
nabz0r (Veteran, Author), posted June 12, 2014:
Yeah. We have a used one at the office, a 5510, that we don't use now. I will talk to my boss and see if I can have it or borrow it (forever) lol
n_K, posted June 12, 2014:
Let me get this right, it's about one year old and it's dead already? There is no excuse for that other than incredibly ###### poor build quality or cheap-as-crap parts. RMA it and get a refund if you can. That'd stop me ever using cisco again.
sc302 (Veteran), posted June 12, 2014:
There aren't many failures with cisco asa's. This isn't the norm. I have had more cisco switches fail than the firewalls I have put in.
neufuse (Veteran), posted June 12, 2014:
> Let me get this right, it's about one year old and it's dead already? There is no excuse for that other than incredibly ###### poor build quality or cheap-as-crap parts. RMA it and get a refund if you can. That'd stop me ever using cisco again.
Wow, talk about a way to overreact to something that could be a simple flaw any hardware device could have... could be as simple as a tftp boot loader issue... which they can't fix on site without the right equipment... consumer level devices can usually fix that stuff with JTAG's, but at the cisco and other enterprise level 'tis a lot harder to do.
n_K, posted June 12, 2014:
> wow talk about a way to over react to something that could be a simple flaw any hardware device could have... could be as simple as a tftp boot loader issue... which they can't fix on site without the right equipment... consumer level devices can usually fix that stuff with JTAG's but at the cisco and other enterprise level tis a lot harder to do
It's not though, the error indicates there's an I2C problem (2 wire data transfer bus) with what looks like an ID ROM... There is no excuse for a read only ROM via I2C to die within even 20 years. Dying within a single year is outright ridiculous.
neufuse (Veteran), posted June 12, 2014:
> It's not though, the error indicates there's an I2C problem (2 wire data transfer bus) with what looks like an ID ROM... There is no excuse for a read only ROM via I2C to die within even 20 years. Dieing within a single year is outright ridiculous.
If you are reading in the cisco forums for device owners with active subscriptions, this is not an issue with a ROM, and it can happen with a corrupted boot loader, which is also upgraded during some firmware upgrades.
neufuse (Veteran), posted June 12, 2014:
Have you tried going back a few versions via RomMon? People seem to be hinting at going way back and trying that as working for them. Also, resetting any passwords that linger in cache via rommon seems to help for some users who get locked up.
Seems like it's erase the flash, clear any disks, reload an old old image via romMon, then boom, it strangely works.
nabz0r (Veteran, Author), posted June 12, 2014:
I have used this for the last 4 years at least, and specifically this one was used by a customer of ours, and when they upgraded we got this back so I was allowed to take it home to use it.
I have tried several images, old and new, but no success. Erased the flash and did almost everything else but I didn't have any luck. I have posted in Cisco so let's see if they have other tricks, etc.
In the meantime I am going to get another one from a close friend of mine and I don't have to pay for it. Yay :D
+John Teacake (MVC), posted June 13, 2014:
These are my notes for this kind of thing....
Recover from a Damaged or Broken IOS, Using the Console Cable:
flash_init
load_helper
dir flash:
boot flash:c2950-i6k2l2q4-mz.121-22.EA13.bin
clear
In bold is whatever is in your Flash Mem but you said you wiped it. You might be SOL
nabz0r (Veteran, Author), posted June 13, 2014:
Correct me if I am wrong but I think those commands don't work on ASA, but I will give it a try and let you know. :)
+John Teacake (MVC), posted June 13, 2014:
You may be right, they are just IOS commands however.
AStaUK, posted June 13, 2014:
Without a Cisco support contract, where did you get the image? Have you tried comparing the MD5 hash for your image against those provided on the Cisco site?
nabz0r (Veteran, Author), posted June 13, 2014:
I bought it from some guy. The image is not the problem here as I posted earlier this is a hardware problem:
https://supportforums.cisco.com/discussion/11000121/my-asa-5505-dead
nabz0r (Veteran, Author), posted June 13, 2014:
I got my friend's ASA now and am going to configure it. I just want to write these simple steps for those who are looking for how to upload an IOS image from Rommon. Here is how you do it:
1. Reload ASA
2. Hit Esc
3. ADDRESS=10.1.1.1 (hit enter)
4. SERVER=10.1.1.10 (this should be your computer's IP)
5. GATEWAY= 10.1.1.0 (computer's IP)
6. IMAGE=asaxxx-xxx.bin (The image you want to use)
7. tftpdnld
Hit enter, the ASA will start uploading the image from the TFTP server, which should be on your PC. After that it will load the image and you are done.
8. Reload (ASA will start reloading)
After this, you have a working ASA with a new image.
If you forgot your password do the following:
1. Reload ASA
2. Hit Esc
3. confreg 0x41 (see what your current configuration register is and write it down somewhere as you are going to need it later on, and it usually is 0x1 = 0x00000001)
4. reset (it will restart)
Login, you won't be needing any password as you just reset it.
5. Copy startup-config running-config
6. Change your password
7. Config register 0x1 or whatever your register was before changing it.
8. Reload and login with the password you just changed, you are done!
Hope this helps someone. :)
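AStaUK's suggestion to compare the image hash with the vendor's published value, applied to the TFTP step of the ROMMON procedure above, as an added example that is not part of the thread. The function names, the 3-byte stand-in file and its digest are constructed for illustration; MD5 is the default because that is the hash the post mentions, and `algo` can be set to a stronger digest when the vendor publishes one.

```python
import hashlib
import hmac
import os
import shutil
import tempfile


def file_digest(path, algo="md5", chunk=1 << 20):
    """Stream the file through the hash so large images are not read into RAM."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def stage_image(src, published_hex, tftp_root, algo="md5"):
    """Copy src into tftp_root only if its digest equals the published value."""
    actual = file_digest(src, algo)
    expected = published_hex.strip().lower()
    if not hmac.compare_digest(actual, expected):
        # Refuse to serve a modified or truncated image to the appliance.
        raise ValueError(f"{os.path.basename(src)}: {algo} {actual} != {expected}")
    dst = os.path.join(tftp_root, os.path.basename(src))
    shutil.copyfile(src, dst)
    os.chmod(dst, 0o444)  # read-only: TFTP itself has no authentication
    return dst


def demo():
    """Constructed demo: a 3-byte stand-in file, not a real ASA image."""
    work = tempfile.mkdtemp()
    root = os.path.join(work, "tftproot")
    os.mkdir(root)
    src = os.path.join(work, "asa903-k8.bin")  # file name from the thread
    with open(src, "wb") as f:
        f.write(b"abc")  # constructed content
    good = "900150983cd24fb0d6963f7d28e17f72"  # MD5 of b"abc"
    staged = stage_image(src, good, root)
    try:
        stage_image(src, "0" * 32, root)  # wrong published value
        rejected = False
    except ValueError:
        rejected = True
    return os.path.exists(staged), rejected


if __name__ == "__main__":
    print(demo())
```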