Update IOS for ASA
hoannx
15-02-2008, 09:43 PM
Hi All!
My company is using an ASA5510 with IOS v7.1. Now I want to update the IOS on this ASA to a higher version, so what should I watch out for?
Thanks
dangquangminh
15-02-2008, 10:12 PM
hoannx, are you changing the activation key in this upgrade?
hoannx
16-02-2008, 08:46 AM
Hi Minh!
I have never done this before either. Could you go through both cases for me, with changing the active key and without changing the active key?
Thanks
dangquangminh
16-02-2008, 09:30 AM
Hi hoannx,
Below is an upgrade procedure. This procedure does not yet include the activation-key update part.
Upgrading an Image from an Administrative Session
1. Make sure an image server is available.
The server should have the firewall image available for downloading, either by TFTP, FTP, HTTP, or HTTPS.
2. Make sure you have sufficient space on the flash file system.
An ASA allows one or more image files as well as other files to be stored in flash, as long as you have sufficient space to contain them all. When a new image or file is downloaded, it is stored in flash with a specific filename. A file is overwritten only if an existing file in flash has an identical filename. You can use the following command to check the available (free) space in the flash memory:
Firewall# dir flash:/
For example, suppose a new firewall image is available on a server. The image file size is 4,995,512 bytes. First, the amount of free flash memory is checked, giving the following output:
Firewall# dir flash:/
Directory of flash:/
6 -rw- 4976640 10:04:50 Nov 12 2004 image.bin
10 -rw- 1575 23:05:09 Sep 30 2004 old_running.cfg
12 -rw- 3134 23:30:24 Nov 08 2004 admin.cfg
13 -rw- 1401 14:12:31 Oct 20 2004 CustomerA.cfg
14 -rw- 2515 23:29:28 Nov 08 2004 border.cfg
17 -rw- 1961 13:52:22 Oct 25 2004 datacenter.cfg
23 -rw- 8596996 10:12:38 Nov 12 2004 asdm.bin
21 drw- 704 15:06:09 Nov 22 2004 syslog
32 -rw- 205 15:06:08 Nov 22 2004 stuff
16128000 bytes total (2466816 bytes free)
Firewall#
Clearly, 2,466,816 bytes free is insufficient to store the new image unless the existing image (image.bin) is overwritten. On an FWSM or a PIX 6.3 platform, only one operating system image and one PDM image can be stored in the flash file system at any time. If a new image is downloaded, it automatically overwrites an existing image in flash.
3. Make sure the firewall can reach the server:
Firewall# ping [interface] ip-address
The server has IP address ip-address. The firewall should already have the necessary routing information to reach the server. You can specify the firewall interface where the server is located ("outside," for example) if the firewall cannot determine that directly. For example, this firewall can reach the server at 192.168.254.2:
Firewall# ping 192.168.254.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.254.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Firewall#
4. (TFTP only) Identify a possible TFTP server:
Firewall(config)# tftp-server interface ip-address path
The TFTP server can be found at ip-address on the firewall interface named interface (outside), for example. As of FWSM 3.1(1) and ASA 7.0(1), the interface parameter is required. For prior releases, the firewall always assumes the inside interface is used for TFTP. The only way to override this assumption is by specifying a firewall interface in the tftp-server command. This interface is always used whenever files are copied to and from a TFTP server, even if the server address is different from the one configured with this command.
The image files are stored in the path directory on the TFTP server. This path is relative only to the TFTP process itself. For example, if the image files are stored in the topmost TFTP directory (/tftpboot within the server's file system, for example), the path would be /, or the root of the TFTP directory tree.
The tftp-server command is optional because most of the TFTP parameters can be given with the copy EXEC command when the image is downloaded.
5. Copy the image file from the server.
With any download method, the basic command syntax is:
Firewall# copy source flash:[image | pdm | filename]
The image is downloaded and copied into flash memory as either an operating system image or a pdm image. Only one of either image type can be stored in the firewall flash, and their locations are automatically determined. In fact, PIX 6.3 restricts the image transfer to these two file types.
ASA and FWSM platforms make use of their more flexible flash file systems. From the system execution space, you can copy one or more image files into flash and then specify which image the firewall should use. You can give the destination filename as an arbitrary filename. You also can use the image or asdm keywords for backward compatibility. In that case, the firewall uses the image filename configured with the boot system or asdm image commands, respectively. Also, you can choose TFTP, FTP, or HTTP as the copy method, as discussed in the following steps.
Use a TFTP server:
Firewall# copy tftp[:[[//location][/pathname]]] flash:[image | pdm | filename]
The image file is located on the TFTP server at location, which can be either a hostname (already defined with a name command) or an IP address. The image file is referenced by pathname, which can include any directory structure needed within TFTP, along with the filename. (If the actual path name of the TFTP directory contains spaces, you should first define the whole path name using the tftp-server command. Spaces are not allowed in the pathname here.) If the location or pathname parameters are left out of this command, the firewall prompts you for those values. If you add a colon after the tftp keyword, the firewall picks up the remaining parameters configured with the tftp-server command.
For example, suppose a new operating system image named newimage.bin is located on TFTP server 192.168.254.2. Recall that the firewall assumes that the TFTP server is located on the inside interface by default. In this case, it is located on the outside interface. You can download the new firewall image into flash memory using the following commands:
Firewall# configure terminal
Firewall(config)# tftp-server outside 192.168.254.2 /
Firewall(config)# exit
Firewall# copy tftp://192.168.254.2/newimage.bin flash:image
Address or name of remote host [192.168.254.2]?
Source filename [newimage.bin]?
Destination filename [image.bin]?
%Warning:There is a file already existing with this name
Do you want to over write? [confirm]
Accessing tftp://192.168.254.2/newimage.bin...!!!!!!!!!!!!!
[output omitted]
Writing file flash:/image.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
4976640 bytes copied in 143.380 secs (34801 bytes/sec)
Firewall#
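The free-space check from step 2 of the post above, as an added example that is not part of the original post: it parses the quoted `dir flash:/` listing and decides whether an image fits under a given destination filename. The function names are hypothetical, and it assumes, as the post's text implies, that the space of an existing file with the identical name becomes available when it is overwritten.

```python
import re

# Listing copied from the post above (step 2).
DIR_OUTPUT = """\
Directory of flash:/
6 -rw- 4976640 10:04:50 Nov 12 2004 image.bin
10 -rw- 1575 23:05:09 Sep 30 2004 old_running.cfg
12 -rw- 3134 23:30:24 Nov 08 2004 admin.cfg
13 -rw- 1401 14:12:31 Oct 20 2004 CustomerA.cfg
14 -rw- 2515 23:29:28 Nov 08 2004 border.cfg
17 -rw- 1961 13:52:22 Oct 25 2004 datacenter.cfg
23 -rw- 8596996 10:12:38 Nov 12 2004 asdm.bin
21 drw- 704 15:06:09 Nov 22 2004 syslog
32 -rw- 205 15:06:08 Nov 22 2004 stuff
16128000 bytes total (2466816 bytes free)
"""

# index, permissions, size, time, month, day, year, name
ENTRY = re.compile(r"^\s*\d+\s+([d-][rwx-]{3})\s+(\d+)\s+\d\d:\d\d:\d\d"
                   r"\s+\w{3}\s+\d+\s+\d{4}\s+(\S+)\s*$")
TOTALS = re.compile(r"^\s*(\d+) bytes total \((\d+) bytes free\)")

def parse_dir(text):
    """Return ({filename: size}, free_bytes); directories are skipped."""
    files, free = {}, None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            perms, size, name = m.groups()
            if not perms.startswith("d"):
                files[name] = int(size)
            continue
        m = TOTALS.match(line)
        if m:
            free = int(m.group(2))
    if free is None:
        raise ValueError("no 'bytes total (... bytes free)' summary line")
    return files, free

def check_fit(text, image_size, dest_name):
    """Will image_size bytes fit if stored in flash as dest_name?"""
    files, free = parse_dir(text)
    # Assumption: only a file with the identical name is replaced,
    # and its space counts as available for the new copy.
    available = free + files.get(dest_name, 0)
    return {"free": free, "overwrites": dest_name in files,
            "available": available, "fits": image_size <= available,
            "margin": available - image_size}
```

With the 4,995,512-byte image from the post, `check_fit(DIR_OUTPUT, 4995512, "image.bin")` reports a fit because image.bin is overwritten, while the same call with a new name such as "newimage.bin" does not fit.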
hoannx
16-02-2008, 02:50 PM
Hi!
Could you send me a link to download the IOS for the ASA? I searched, but it keeps asking for a user and password, and even when I log in I still cannot download it.
Thanks
dangquangminh
16-02-2008, 04:07 PM
hoannx, which higher version do you need?
hoannx
16-02-2008, 04:09 PM
Thanks, Minh. I got it working.
hoannx
18-02-2008, 11:47 AM
Hi!
I have posted the sh ver output of that ASA. Could you check which version it can be upgraded to, and show me how to check?
ciscoasa# sh version
Cisco Adaptive Security Appliance Software Version 7.1(2)
Device Manager Version 5.1(2)
Compiled on Tue 14-Mar-06 17:00 by dalecki
System image file is "disk0:/asa712-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 143 days 5 hours
Hardware: ASA5510-K8, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash AT49LW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0 : address is 0019.2f58.c25c, irq 9
1: Ext: Ethernet0/1 : address is 0019.2f58.c25d, irq 9
2: Ext: Ethernet0/2 : address is 0019.2f58.c25e, irq 9
3: Ext: Not licensed : irq 9
4: Ext: Management0/0 : address is 0019.2f58.c260, irq 11
5: Int: Not licensed : irq 11
6: Int: Not licensed : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : 4
Maximum VLANs : 10
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : 250
WebVPN Peers : 50
This platform has a Base license.
Serial Number: JMX1106K057
Thanks
nvta2
26-02-2008, 10:19 PM
This ASA5510 can run the latest version, 8.0.
westcoast
28-02-2008, 10:52 AM
Teacher, I see the ASA has USB ports. How do I use those 2 ports? It seems that if I use those USB ports, I do not need a TFTP server ----> saves time :X
westcoast
28-02-2008, 11:12 AM
Hmm, I just searched on Cisco and saw that these USB ports are reserved for the future only, "Not supported at this time". Not sure whether I misread it :-SS
dangquangminh
29-02-2008, 10:55 AM
Correct, these ports currently have no use.
dungtqbk
06-03-2008, 03:56 PM
hoannx, which higher version do you need?
I have a question: do you know any way to download flash for pemu? I want to connect ASDM to the firewall in pemu, but the flash in pemu does not support it. Could you help me? Thank you.
convoi
15-10-2009, 09:14 AM
Dear teacher Đ. Q. Minh,
In Cisco ASDM, under Configuration > Properties, I see an Auto Update item. Is this for automatically connecting to Cisco's server so that it updates itself? What does it update? And how is it used?