Sunday, December 23, 2012

ACS patch 5-2-0-26-11 installation


You can define a repository in the web admin page as well as the CLI. It might be easier for you to create it in the web first if you are unfamiliar with ACS.

To create a repository, navigate to System Administration > Operations > Software Repositories. At the bottom of the page there is a 'Create' button.

I’ve never had a lot of luck trying to patch ACS using TFTP or SCP, but it seems to work when I use FTP so I would recommend using FTP as the protocol for the repository.

The procedure is pretty simple:

  • Download your patch.
    • Usually it will download as {patchname}.tar.tar, so you will have to rename it to {patchname}.tar.gpg.
  • Place the patch on your FTP server.
  • Create a repository in ACS that points to the FTP server.
    • For instance, if your FTP server has the IP address of 192.168.1.130 and you copied the patch to the root of the FTP directory you would create a repository as follows:
      • Name: patches
      • Protocol: FTP
      • Server Name: 192.168.1.130
      • Path: /
      • Username: {Your FTP username}
      • Password: {Your FTP password}
  • Log in to the ACS CLI with SSH.
  • Issue the command: acs patch install 5-2-0-26-4.tar.gpg repository patches

This should start the FTP download, and once it’s complete it will start installing the patch. Keep an eye on the command line, because it will likely ask you whether it’s OK to stop the ACS service.
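
As noted at the top of this post, the repository can be defined from the CLI instead of the web page. The session below is an added example, not part of the original post, showing the CLI equivalent of the repository fields listed above followed by the install command; the acs/admin prompt is an assumed hostname and the FTP username and password are placeholders.

```text
! Added example: acs/admin is an assumed hostname; credentials are placeholders.
acs/admin# configure terminal
acs/admin(config)# repository patches
acs/admin(config-Repository)# url ftp://192.168.1.130/
acs/admin(config-Repository)# user {Your FTP username} password plain {Your FTP password}
acs/admin(config-Repository)# exit
acs/admin(config)# exit
! List the files ACS can see in the repository before installing.
acs/admin# show repository patches
acs/admin# acs patch install 5-2-0-26-4.tar.gpg repository patches
```

If the renamed .tar.gpg file does not appear in the show repository output, the path or the file name on the FTP server is wrong and the install will not find it.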

More information on repositories can be found here:


Good luck!!

Thursday, June 7, 2012

Using the ROMMON to load a new image on Cisco ASA Firewall


If for any reason the software image on your Cisco ASA appliance is corrupted and the device does not boot to normal operating mode, then you can load a new image using ROMMON (ROM monitor mode) and TFTP. Follow the steps below to get into ROMMON mode and then assign all necessary settings for uploading the new image file:
Step 1: Connect to the ASA firewall using a console cable.
Step 2: Power off the appliance and then power it on.
Step 3: When the appliance starts, press the Escape key on your keyboard to force the appliance to enter ROMMON mode.
Step 4: In ROMMON mode, configure all necessary settings for connecting to the TFTP server to load the new image. You need to connect a PC running a TFTP server to a firewall port (e.g. Ethernet0/0). Then enter the following commands on the ASA.
rommon #1> ADDRESS=192.168.1.10
rommon #2> SERVER=192.168.1.1
rommon #3> GATEWAY=192.168.1.1
rommon #4> IMAGE=asa800-232-k8.bin
rommon #5> PORT=Ethernet0/0
 
The above configuration will assign an IP address of 192.168.1.10 to interface Ethernet0/0 of the firewall appliance. It will also tell the firewall that the TFTP server is at address 192.168.1.1 and that the image to load is asa800-232-k8.bin.
Step 5: Start the TFTP transfer from the ASA using:
rommon #6> tftp
The above instructs the firewall to start loading the image file from the TFTP server.
After the firewall reboots, log in and check that the new image has been installed (show version).