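A hard-learned lesson: the command to erase the firewall configuration is write erase, not erase flash!
Use a crossover cable: MGMT (connect Management 0/0 to the PC's RJ45 port)
Connect the PC with a USB-to-RJ45 console cable. Both cables must be connected at the same time.
You will need the Cisco TFTP Server software, Xshell 6, and the ISO package (putting it on the desktop is recommended)
I. Start the Cisco TFTP Server service
II. Configure the PC's network interface settings
III. Enter monitor mode
When the device boots, it prompts you to press a key to enter monitor mode, as follows: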
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
1. Press the ESC key to enter monitor mode.
rommon #1>
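rommon #2> ADDRESS=192.168.1.1    (ASA address)
rommon #3> GATEWAY=192.168.1.2    (default gateway; setting it to the PC's own address is enough)
rommon #4> IMAGE=asa9-12-1-smp-k8.bin    (specifies the IOS file name)
rommon #5> SERVER=192.168.1.2    (TFTP server address, i.e. the PC's own address)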
rommon #6>
rommon #6> sync
Updating NVRAM Parameters…
rommon #7> ping 192.168.1.2
Link is UP
Sending 20, 100-byte ICMP Echoes to 192.168.1.2, timeout is 4 seconds:
?!!!!!!!!!!!!!!!!!!!
Success rate is 95 percent (19/20)
(If the ping fails here, check the PC's network interface settings (192.168.1.2).)
2. Run the tftpdnld command
After running it, the output looks like this:
rommon #8> tftpdnld
ROMMON Variable Settings:
ADDRESS=192.168.1.1
SERVER=192.168.1.
GATEWAY=192.168.1.2
PORT=Management0/0
VLAN=untagged
IMAGE=asa9-12-1-smp-k8.bin
CONFIG=
LINKTIMEOUT=20
PKTTIMEOUT=4
RETRY=20
tftp asa9-12-1-smp-k8.bin@192.168.1.2 via 192.168.1.2
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
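3. Upload the IOS to the ASA
At this point the IOS has not yet been installed on the ASA; the device has only been booted from TFTP. Once the device has finished booting, the show version command shows this:
System image file is “tftp://192.168.1.2/asa821-k8.bin”
After the device has booted, the TFTP server must be connected to an interface other than the management interface before upgrading the IOS (recommended: a T568B straight-through cable from the firewall's g 0/0 port to the PC).
Note: the interface must be configured as the inside interface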
ASA#conf t
ASA(config)#int e0/0
ASA(config-if)#nameif inside
ASA(config-if)#ip add 192.168.1.1 255.255.255.0
ASA(config-if)#no sh
ASA#ping 192.168.1.2
Once the ping succeeds, the IOS can be loaded.
Run the tftpdnld command
ASA#copy tftp: flash:
Tftp server IP address:192.168.1.2
Source file name:asa9-12-1-smp-k8.bin
Destination file name:asa9-12-1-smp-k8.bin
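This is not the end yet; boot system still has to be set, using the command:
ASA(config)#boot system disk0:/asa9-12-1-smp-k8.bin    (I feel this step could be skipped)
(An error is reported here; ignore it, everything afterwards is still normal.)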
ASA(config)#wr
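Then just reload and it is done.
IV. Related error messages:
After the reboot it succeeded, but the following messages appeared (they can actually be ignored; for now I am not sure whether they affect later configuration):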
Cisco Adaptive Security Appliance Software, version 9.12
Copyright (c) 1996-2019 by Cisco Systems, Inc.
For licenses and notices for open source software used in this product, please visit
http://www.cisco.com/go/asa-opensource
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software – Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Reading from flash…
!!WARNING: BOOT variable added, but unable to find disk0:/disk0/asa9-12-1-smp-k8.bin
*** Output from config line 58, “boot system disk0:/disk0…”
.
Cryptochecksum (unchanged): 88da30e0 eff17eac 2e4eedb2 6438b6e2
INFO: Power-On Self-Test in process.
……………………………………………………………..
INFO: Power-On Self-Test complete.
INFO: Starting HW-DRBG health test…
INFO: HW-DRBG health test passed.
INFO: Starting SW-DRBG health test…
INFO: SW-DRBG health test passed.
User enable_1 logged in to ciscoasa
Logins over the last 1 days: 1.
Failed logins since the last login: 0.
Type help or ‘?’ for a list of available commands.
ciscoasa> CXSC module is no longer supported and was prevented from booting
Consider uninstalling the unsupported CXSC module with the command ‘sw-module module cxsc uninstall’
Issue 1:
!!WARNING: BOOT variable added, but unable to find disk0:/disk0/asa9-12-1-smp-k8.bin
Issue 2:
ciscoasa> CXSC module is no longer supported and was prevented from booting
Consider uninstalling the unsupported CXSC module with the command ‘sw-module module cxsc uninstall’
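The two messages above can be picked out of a saved console capture instead of being read by eye. The following Python script is an added example, not part of the original post: the sample log is constructed from the boot output quoted on this page, and FLASH_FILES (what a listing of disk0: shows), the function names, and the assumption that the image sits in the root of disk0: are all assumptions.

```python
import re

# Constructed sample, modelled on the boot output quoted on this page.
SAMPLE_LOG = """\
Reading from flash...
!!WARNING: BOOT variable added, but unable to find disk0:/disk0/asa9-12-1-smp-k8.bin
*** Output from config line 58, "boot system disk0:/disk0..."
INFO: Power-On Self-Test complete.
ciscoasa> CXSC module is no longer supported and was prevented from booting
"""
# Assumption: file names that a listing of disk0: shows after the copy step.
FLASH_FILES = ["asa9-12-1-smp-k8.bin"]

BOOT_WARN = re.compile(r"BOOT variable added, but unable to find (\S+)")
MODULE_WARN = re.compile(r"(\S+) module is no longer supported")


def split_path(path):
    """Split 'disk0:/a/b.bin' into ('disk0', ['a', 'b.bin'])."""
    device, _, rest = path.partition(":")
    return device, [seg for seg in rest.split("/") if seg]


def check_boot_log(log, flash_files):
    """Return one finding per boot-time warning found in a console capture."""
    findings = []
    for line in log.splitlines():
        boot = BOOT_WARN.search(line)
        if boot:
            path = boot.group(1)
            device, segs = split_path(path)
            name = segs[-1] if segs else ""
            if name not in flash_files:
                # The image is not among the files listed on flash.
                findings.append({"type": "image-not-on-flash", "path": path})
            else:
                # The image exists but the saved boot path does not resolve,
                # e.g. the device name repeated as a directory (disk0:/disk0/).
                findings.append({"type": "boot-path-wrong", "path": path,
                                 "doubled_device": device in segs[:-1],
                                 "expected": f"{device}:/{name}"})
        module = MODULE_WARN.search(line)
        if module:
            findings.append({"type": "unsupported-module",
                             "module": module.group(1)})
    return findings


if __name__ == "__main__":
    for finding in check_boot_log(SAMPLE_LOG, FLASH_FILES):
        print(finding)
```

A boot-path-wrong finding means the next reload may not load the intended image from flash, so compare the reported path with the boot system line in the saved configuration before relying on it.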
To be continued