Recovery Cisco Asa image


  •  go to rommon mode

during booting push break or espace button on keyboard

  • configure rommon settings

rommon #2> address
rommon #3> server

rommon #4> interface Management0/0

Link is UP

MAC Address: 000a.b861.67f5

rommon #5> file asa822-k8.bin

  • upload image to firewall


rommon #6> tftpdnld
ROMMON Variable Settings:

tftp asa822-k8.bin@





Received 16459776 bytes

Launching TFTP Image...

Cisco Security Appliance admin loader (3.0) #0: Mon Jan 11 14:23:33 MST 2010
Platform ASA5510-K8
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.
/dev/hda1: 26 files, 13/62398 clusters
dosfsck(/dev/hda1) returned 0
Set 'tap0' persistent and owned by uid 0
IO memory 53248000 bytes

Processor memory 132169728, Reserved memory: 41943040 (DSOs: 0 + kernel: 41943040)
Total SSMs found: 1
ASA-SSM-10, SN xxxxxxxxx, HW ver 1.0, FW ver 1.0(11)5

Total NICs found: 7
mcwa i82557 Ethernet at irq 11  MAC: 000a.b861.67f5
mcwa i82557 Ethernet at irq  5  MAC: 0000.0001.0001
i82547GI rev00 Gigabit Ethernet @ irq11 dev 1 index 05 MAC: 0000.0001.0002
i82546GB rev03 Ethernet @ irq09 dev 2 index 03 MAC: 000a.b861.67f9
i82546GB rev03 Ethernet @ irq09 dev 2 index 02 MAC: 000a.b861.67f8
i82546GB rev03 Ethernet @ irq09 dev 3 index 01 MAC: 000a.b861.67f7
i82546GB rev03 Ethernet @ irq09 dev 3 index 00 MAC: 000a.b861.67f6

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 100
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
Security Contexts              : 2
GTP/GPRS                       : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 250
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has an ASA 5510 Security Plus license.

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04

Cisco Adaptive Security Appliance Software Version 8.2(2)

  ****************************** Warning *******************************
  This product contains cryptographic features and is
  subject to United States and local country laws
  governing, import, export, transfer, and use.
  Delivery of Cisco cryptographic products does not
  imply third-party authority to import, export,
  distribute, or use encryption. Importers, exporters,
  distributors and users are responsible for compliance
  with U.S. and local country laws. By using this
  product you agree to comply with applicable laws and
  regulations. If you are unable to comply with U.S.
  and local laws, return the enclosed items immediately.

  A summary of U.S. laws governing Cisco cryptographic
  products may be found at:

  If you require further assistance please contact us by
  sending email to
  ******************************* Warning *******************************

Copyright (c) 1996-2010 by Cisco Systems, Inc.

                Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

                Cisco Systems, Inc.
                170 West Tasman Drive
                San Jose, California 95134-1706

Type help or '?' for a list of available commands.

  • go to enable configure mode and download image to flash(step above only uploaded image to RAM but is not stored on flash!!!!!!!)

 - configure management interface

interface Management0/0
 nameif Management
 security-level 100
 ip address

 - download image file

ciscoasa(config)# copy tftp: flash:

Address or name of remote host []?

Source filename [asa822-k8.bin]?

Destination filename [asa822-k8.bin]?

Accessing tftp://!!!!!!!!!!!!!!!!!!!

Writing file disk0:/asa822-k8.bin...

16459776 bytes copied in 28.780 secs (587849 bytes/sec)

  • set image as boot image

ciscoasa(config)# boot system disk0:/asa822-k8.bin

  • save configuration

ciscoasa# wr
Building configuration...
Cryptochecksum: 8722b18b cb66838e 1f006390 81ae9982

2128 bytes copied in 3.370 secs (709 bytes/sec)

  • reload firewall and start configuration


dzbanek 2013-01-09




This site uses cookies. Some of the cookies we use are essential for parts of the site to operate and have already been set. You may delete and block all cookies from this site, but parts of the site will not work.