Sometimes, it is required to backup the configuration or IOS of firewalls to a dedicated machine in
case of malfunction with firewall. The farmiliar way is setting a tftp server on a workstation. Connect
you latitude to firewall’s console part with attached console cable, if you have a terminal program
such as SecureCRT or windows Hypertrm, you would enter into CLI of firewalls. Just use the
command like as below to backup the file necessary. If you don’t know which command to take, just
enter”?” to find context help.
FWL# copy flash to tftp
if you want to know some instances of firewall flash, you can use the command:
FWL#show flash
-#- --length-- -----date/time------ path
6 8515584 Sep 11 2008 14:14:30 asa724-k8.bin
7 4181246 Sep 11 2008 14:15:30 securedesktop-asa-3.2.1.103-k9.pkg
8 398305 Sep 11 2008 14:15:48 sslclient-win-1.1.0.154.pkg
9 6514852 Sep 11 2008 14:17:36 asdm-524.bin
12 0 Sep 11 2008 14:21:38 crypto_archive
We can see from above information shown by the command “show flash”, which not hard to know
the model of firewall, the name of IOS file and the version of ASDM.
If you plan to upgrade you ASA devices IOS, you have to enter the rommon mode. When firewall
reboot press ESC key to enter rommon mode. Perhaps you need make some configuration under
this mode so as to build communication with tftp server.
rommon #1> set
ROMMON Variable Settings:
ADDRESS=192.168.0.1(firewall’s address
SERVER=192.168.0.2 (TFTP server IP
GATEWAY=192.168.0.2 (also set as TFTP IP)
PORT=Ethernet0/0 (the port connects to tftp of firewall’s)
VLAN=untagged
IMAGE=asa724-k8.bin (case sensitive)
CONFIG=
LINKTIMEOUT=20
PKTTIMEOUT=4
RETRY=3 (as possible as short)
After finish these setting, then you have to save these new configuration into NVRAM.
Rommon#1>sync
At the last step, that is, excute tftp download. Download the new version IOS from tftp to your
firewall.
Rommon#1>tftpdnld
Wait for a minute until it finished all process, then the firewall has booted to user exec mode, such
as :
Firewall>
Enter enable and go into privilege mode, go ahead, because the preceding you finished procedure
just boot your firewall from the IOS exisiting in tftp, you must copy tftp to your firewall’s flash.
Firewall# copy tftp: flash:
According to prompt until success
Finally, excute “firewall#copy running-config startup-config”and end the process of upgrading IOS.