两极人生,八度空间

Fight for my CISSP and PMP


Sometimes you need to back up a firewall's configuration or IOS to a dedicated machine in
case the firewall malfunctions. The familiar way is to set up a TFTP server on a workstation.
Connect your Latitude laptop to the firewall's console port with the attached console cable; with a
terminal program such as SecureCRT or Windows HyperTerminal you can then enter the firewall's
CLI. Use a command like the one below to back up the files you need. If you don't know which
command to use, enter "?" for context help.
FWL# copy flash: tftp:
To list the files in the firewall's flash, use the command:
FWL# show flash
 
-#- --length-- -----date/time------ path
  6 8515584    Sep 11 2008 14:14:30 asa724-k8.bin
  7 4181246    Sep 11 2008 14:15:30 securedesktop-asa-3.2.1.103-k9.pkg
  8 398305     Sep 11 2008 14:15:48 sslclient-win-1.1.0.154.pkg
  9 6514852    Sep 11 2008 14:17:36 asdm-524.bin
 12 0          Sep 11 2008 14:21:38 crypto_archive
From the output of "show flash" above it is not hard to tell the model of the firewall, the name
of the IOS file and the version of ASDM.
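An added example, not part of the original post: TFTP has no authentication and no integrity check of its own, so after a backup it is worth confirming that the files on the TFTP server match the lengths reported by "show flash". The Python code below parses that listing and compares it with a local directory, recording a SHA-256 digest for each file that matches; the function names and the TFTP root directory are assumptions.

```python
import hashlib
import re
from pathlib import Path

# One "show flash" row: index, length in bytes, date/time, path.
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+\w{3}\s+\d{1,2}\s+\d{4}\s+[\d:]{8}\s+(\S+)\s*$")

# Constructed sample: the "show flash" listing shown in the post.
SAMPLE = """\
-#- --length-- -----date/time------ path
    6 8515584        Sep 11 2008 14:14:30 asa724-k8.bin
    7 4181246        Sep 11 2008 14:15:30 securedesktop-asa-3.2.1.103-k9.pkg
    8 398305          Sep 11 2008 14:15:48 sslclient-win-1.1.0.154.pkg
    9 6514852        Sep 11 2008 14:17:36 asdm-524.bin
  12 0                    Sep 11 2008 14:21:38 crypto_archive
"""


def parse_show_flash(text):
    """Return {path: length} for every file row in "show flash" output."""
    files = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # the header, prompts and blank lines do not match
            files[m.group(3)] = int(m.group(2))
    return files


def check_backup(flash_text, tftp_root, wanted):
    """Return {name: (status, sha256 or None)} for each file name in `wanted`.
    status: "ok", "missing", "size mismatch" or "not in flash"."""
    flash = parse_show_flash(flash_text)
    report = {}
    for name in wanted:
        local = Path(tftp_root) / name
        if name not in flash:
            report[name] = ("not in flash", None)
        elif not local.is_file():
            report[name] = ("missing", None)
        elif local.stat().st_size != flash[name]:
            report[name] = ("size mismatch", None)  # truncated or altered copy
        else:
            report[name] = ("ok", hashlib.sha256(local.read_bytes()).hexdigest())
    return report


if __name__ == "__main__":
    print(check_backup(SAMPLE, ".", ["asa724-k8.bin", "asdm-524.bin"]))
```

Keep the recorded digests somewhere other than the TFTP server and re-check them before an image is served back to a firewall during an upgrade.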
 
If you plan to upgrade your ASA device's IOS, you have to enter rommon mode. When the firewall
reboots, press the ESC key to enter rommon mode. You may need to make some settings in
this mode in order to establish communication with the TFTP server.
 
rommon #1> set
ROMMON Variable Settings:
    ADDRESS=192.168.0.1 (firewall's address)
    SERVER=192.168.0.2 (TFTP server IP)
    GATEWAY=192.168.0.2 (also set to the TFTP server IP)
    PORT=Ethernet0/0 (the firewall port that connects to the TFTP server)
    VLAN=untagged
    IMAGE=asa724-k8.bin (case sensitive)
    CONFIG=
    LINKTIMEOUT=20
    PKTTIMEOUT=4
    RETRY=3 (as short as possible)
After finishing these settings, save the new configuration to NVRAM.
rommon #1> sync
The last step is to execute the TFTP download, which downloads the new IOS version from the
TFTP server to your firewall.
rommon #1> tftpdnld
Wait a minute until the whole process has finished; the firewall then boots to user exec mode,
such as:
Firewall>
Enter enable to go into privileged mode and carry on: the procedure you have just finished only
booted your firewall from the IOS image on the TFTP server, so you must still copy it from TFTP
to your firewall's flash.
Firewall# copy tftp: flash:
Follow the prompts until the copy succeeds.
Finally, execute "firewall# copy running-config startup-config" to end the IOS upgrade process.

posted on 2009-06-29 11:26 Jerome  Category: Telecommunication and Network Security