ASA5520 code upgrade to 9.1(5)
Hello all, just curious if anyone else has seen an issue trying to upgrade an ASA 5520 appliance to 9.1(5) code? We had planned on upgrading our 5520's from 8.4(3) code to 9.1(5). When I attempt to TFTP or use ASDM to copy up the new code image, I get an error as follows:
Accessing tftp://10.10.165.11/asa915-smp-k8.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
%Error copying tftp://10.10.165.11/asa915-smp-k8.bin (This image is not valid for this platform)
VPNL2LDR1# sho inve
VPNL2LDR1# sho inventory
Name: "Chassis", DESCR: "ASA 5520 Adaptive Security Appliance"
PID: ASA5520 , VID: V06 , SN: xxxxxx
Name: "power supply", DESCR: "ASA/IPS 180W AC Power Supply"
PID: ASA-180W-PWR-AC , VID: V03 , SN: xxxxx
VPNL2LDR1# sho mem
Free memory: 1747525080 bytes (81%)
Used memory: 399958568 bytes (19%)
Total memory: 2147483648 bytes (100%)
I have checked the ASA compatibility doc on CCO, and it indicates that a 5520 with 2G or memory should be able to run 9.1(5). Any suggestions?
Thanks,
Jeff
You've downloaded the incorrect binary image. You need the 9.1(5) without "smp" (Symmetric Multiprocessor) in the image name. The SMP image types are only for the 5500-X series.
Also note that the Release Notes mention that an upgrade directly to 9.1(3) or later would require you to first upgrade to 8.4(6), 9.0(3) or 9.1(2).
Similar Messages
-
302 Redirect Location Header Rewrite not working with code upgrade
Hi,
Description:
We have a portal webservice hosted by an ACE4710. It has two services (www/https) on the same IP 10.1.1.1.
One is a redirect service that redirects all requests to tcp/80 on this ip to the other which is a 'standard' https proxy service.
The backend servers are http only. Externally everything needs to be https.
So we have an ssl proxy and Location header http to https rewrite on the https service.
The configuration below operates correctly on v5_1_2.
But with a code upgrade to 5_3_1b, the Location header rewrite does not work.
We've tried several different configurations and even 'ssl url location rewrite ".*". It just looks like the ACE is completely ignoring the configuration to rewrite the Location field.
Reverting to the older code fixes the problem.
Problem seen:
Here is the problem as seen on the *client*. The 302 redirect Location header is NOT rewritten:
Response headers:
HTTP/1.1 302 FOUND
Server: nginx
Date: Fri, 20 Mar 2015 10:59:43 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 295
Connection: keep-alive
Location: http://website.liveportal.nhs.uk/homepage/information
Cache-Control: no-cache, no-store
Set-Cookie: information=35a7831d-928d-4122-aef3-39ef48ac4440; Path=/; secure; HttpOnly
X-Frame-Options: DENY
HTTPSampleResult fields:
ContentType: text/html; charset=utf-8
DataEncoding: utf-8
Config extract:
1) Set up the servers (4 normal on tcp/80 and one for a redirect)
rserver host WEBSERVICE-1
ip address 192.168.1.1
conn-limit max 200000 min 160000
inservice
...and the same for the other three
rserver redirect PORTAL_REDIRECT
webhost-redirection https://%h/%p 302
inservice
2) Set up the server farms
serverfarm host PORTAL_LIVE
probe webping
rserver WEBSERVICE-1 80
inservice
rserver WEBSERVICE-2 80
inservice
rserver WEBSERVICE-3 80
inservice
rserver WEBSERVICE-4 80
inservice
serverfarm redirect PORTAL_HTTP_REDIRECT
rserver PORTAL_REDIRECT
inservice
3) Setup the ssl proxy and a location rewrite to https for responses from the servers
action-list type modify http HTTPS_LOCATION
header rewrite response Location header-value "http://(.*)" replace "https://%1"
ssl-proxy service WEB_SSL_PROXY
key webportal.key
cert webportal.crt
chaingroup root-chain
ssl advanced-options SSL-SECURE-STRONG-WEB
4) Set up the L4 services
class-map match-all PORTAL_HTTP
2 match virtual-address 10.1.1.1 tcp eq www
class-map match-all PORTAL_SSL
2 match virtual-address 10.1.1.1 tcp eq https
5) Setup the policy maps - one for the reals servers with header rewrite for redirects
policy-map type loadbalance http first-match PORTAL_HTTP
class class-default
serverfarm PORTAL_HTTP_REDIRECT
policy-map type loadbalance http first-match PORTAL_SSL
class class-default
serverfarm PORTAL_LIVE
action HTTPS_LOCATION
6) Create the service policy
policy-map multi-match EXTERNAL-SERVICES
class PORTAL_SSL
loadbalance vip inservice
loadbalance policy PORTAL_SSL
loadbalance vip icmp-reply
appl-parameter http advanced-options PARAM-HTTP
ssl-proxy server WEB_SSL_PROXY
class PORTAL_HTTP
loadbalance vip inservice
loadbalance policy PORTAL_HTTP
loadbalance vip icmp-reply
7) Apply to the interface
interface vlan 211
description External Access
ip address x.x.x.x 255.255.255.0
alias x.x.x.x 255.255.255.0
peer ip address x.x.x.x 255.255.255.0
access-group input PERMIT-ALL
service-policy input EXTERNAL-SERVICES
no shutdownI found that the v5_3_1b code seems to need a bit of extra configuration and it now works ok.
parameter-map type http PARAM_HTTP
header modify per-request
no persistence-rebalance
case-insensitive -
1410 slow down after code upgrade
Hello everyone. We have a customer with about 12 1410s... they just upgraded the code on them and now have horrible performance even just opening up the configuration webpage. Anyone had similar issues? The release date of the code was May, so I would assume it is not totally the code or Cisco would have deffered that release by now.
Thanks in advance!
ShaneUnder normal conditions if everything is working fine we shouldnt upgrade. Upgrade sometimes leads to problems. Also when you upgrade make sure you dont isntall intermediate releases unless and otherwise it is very urgent. Wait for a complete release.
-
X Code upgrade from Snow Lep to Lion a pain in the ..
having HUGE hassles trying to upgrade my X code from Snow Leopard to Lion..encountered this problem by clicking on my Xcode program only to get a message along the lines of...only worked with Snow Leopard..so I downloaded new version from App store and it continually fails i have deleted older Xcode version..but still the same..have gone to resources file and ran installer..keep getting: The installer encountered an error that caused the installation to fail..contact software manufacturer for assistance.I've tried to find an answer on forums but nothing has worked..sorry folks but I dont like Lion theres been a raft of hassles with this O/S its Apples Vista..its frustrating I paid for last Xcode version..now its free and i cant install it !!..anyone with ideas on how i can install Xcode for lIon considering the issues I have outlined would be greatly appreciated....thanks
Drag the Xcode folder to the Trash and restart. Run the Installer.
-
Hi,
We are upgrading a code on CSS 11503,
Current version is sg0740306s
We are upgrading to sg0810503.adi-gz
I went through the prcedure which is very clear, I am planning to upgrade it manually, my concern is on creating the ftp-record, I downloaded filezilla and started ftp, my questions are on how to proceed from here,
1) CSS management ip is 1.1.1.1 so what should be my pc ip?, I assigned 1.1.1.5 to my pc and I can ping the device from the CSS
2) what type of cable do I need to use?
3) I tried to open ftp in its default mode like when it starts up it will have a loop back address and 14147, when I click ok it will start and says logged on but in CSS when I create ftp-record with the ip,name and password and try to access ftp it never does
FileZilla Server version 0.9.31 beta
Copyright 2001-2009 by Tim Kosse ([email protected])
Connecting to server...
Connected, waiting for authentication
Logged on
On CSS side if I try to download the software from server it says
"unable to connect to the server"
Could you please let me know where I am going wrong??
Thanks in Advance.
Josh.Hi Josh,
1. The IP address can be anything reachable by the CSS.
2. Don't understand this.
The loopback address and port 14147 are for administration. Check that you are actually running an FTP server by using the "netstat -a" command. Look for ports 20 and 21.
If FTP is running, do you have a firewall/ACL that is blocking inbound connections?
Check that your FTP record is pointing at the real address of the FTP server.
ftp-record DEFAULT_FTP 1.1.1.5 wibble ...
and that you have valid credentials on your FTP server (logonid/password).
If that is working, try copying the running configuration to check that FTP is working as required before you kick off an upgrade:
copy running-config ftp DEFAULT_FTP wibble.txt
HTH
Cathy -
I am installing 2 5508 controllers and I cannot add them to the WCS till I upgrade the code on the WCS. The new controllers are running 7.0.116.0 the WCS is on 6.0.132.0. How do I upgrade the WCS code opn the WCS?
check out the release note for the latest WCS version for infos....
http://www.cisco.com/en/US/docs/wireless/wcs/release/notes/WCS_RN7_0_172.html#wp83675
page 179 in the configuration manual will guide you thru the steps...
http://www.cisco.com/en/US/partner/docs/wireless/wcs/7.0MR1/configuration/guide/WCS70MR1.html
Cheers,
Ron -
I just upgraded my ASA5520 from version 7.0(1) to 7.1(2) to 7.2(2). Prior to upgrade I had a static VPN connection to a service provider's Cisco firewall. I also have configured dynamic vpns from cisco vpn clients to access our network via the 5520. Since the software upgrade, the service providers connection still works, but now my dynamic cisco VPN connectsion receive the following error:
IKE initiator: unable to find policy: Intf outside, Src: xxx.xxx.xxx.xxx, Dst yyy.yyy.yyy.y
If I put the IP of the VPN client's internet accessing the ASA into the PEER in place of the Sevice providers IP, the VPN client works.
Anyone have suggestions on how to allow the Static VPN connection to continue to work and allow dynamic VPN connections from any host to connect as they did in the 7.0(1) version? All was working well before upgrading the ASA software.The following links provides a configuration example for Configuring PIX-to-Router Dynamic-to-Static IPSec With NAT
http://cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094a87.shtml -
WLC code upgrade, WCS, ap_3600
i'm going to upgrade a 5508 wlc code from
7.0.116.0
to
7.1.91.0
to add 3600 series access points having it all manageable via WCS ver 7.0.230.0
it seems to be possible, as it is explained in the compatibility matrix found on
http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
now I have to download the file to the controller...
AIR-CT5500-K9-SPECIAL-7-1-91-0.aes
(direct update possible)
before doing that I'd like to know if I will loose my configuration on the controller
i'm concerned about that because the release document is not clear:
- We highly recommend that you back up your controller's configuration files prior to upgrading the controller software. Otherwise, you must manually reconfigure the controller.
- For busy networks, controllers on high utilization, or small controller platforms it is advisable to disable the 802.11a/b/g networks as a precautionary measure.
- Step 5 Disable any WLANs on the controller.
- Step 19 Re-enable the WLANs......
- Step 22 If desired, reload your latest configuration file to the controller. (reload config after reenabling wlans????? why???)
so will I loose my configuration?
what is Field Upgrade Software? should i use that instead?
another controller another question .....: a cisco wlc 2100
found 2 update files
AIR-WLC2100-K9-7-0-230-0-ER.aes
AIR-WLC2100-K9-7-0-230-0.aes
why 2 update files this time? what file to update first?
thank you in advance for your answersThe 5508 has two files when you go to 7.2, which I would for the 3600. You'll also want to download and install the FUS image.
the 'legacy' WLC, like the 2100, have the .aes which is the OS for the WLC. The -ER is an Emergency Recovery image, it's waht you get when you break the boot cycle.
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered -
WLC code upgrade path questions
We running WCS 6.0.132(lastest) and our controllers are on 4.2.130, we now want to upgrade to keep up with the times, but don't want to change over to capwap yet.
Question1:What's the latest LWAPP release code??
Question2:Whats the differences between 4.2.207 (cisco's support page says this is the latest release) but there's even releases with much higher versions ie 6.0 how does this work it's very confusing to workout an upgrade path
CheersHi Tyrone,
I'm not an expert on Versioning but here are some basic details in response
to your query
4.2.207 is the latest release on the 4.2 Train and is probably an excellent choice
if you are avoiding CAPWAP for the time being. You will see in the link below that
there are multiple "simultaneous" Trains for the WLC (and most Cisco products). People
were not huge fans of the early 5.x Trains (quite buggy) and CAPWAP was introduced
in 5.2 and forward so this is why 4.2.207 seems like a good fit for you
In controller software release 5.2 or later, Cisco lightweight access points use the IETF standard Control and Provisioning of Wireless Access Points protocol (CAPWAP) in order to communicate between the controller and other lightweight access points on the network. Controller software releases prior to 5.2 use the Lightweight Access Point Protocol (LWAPP) for these communications.
CAPWAP, which is based on LWAPP, is a standard, interoperable protocol that enables a controller to manage a collection of wireless access points. CAPWAP is being implemented in controller software release 5.2 for these reasons:
To provide an upgrade path from Cisco products that use LWAPP to next-generation Cisco products that use CAPWAP
To manage RFID readers and similar devices
To enable controllers to interoperate with third-party access points in the future
LWAPP-enabled access points can discover and join a CAPWAP controller, and conversion to a CAPWAP controller is seamless. For example, the controller discovery process and the firmware downloading process when you use CAPWAP are the same as when you use LWAPP. The one exception is for Layer 2 deployments, which are not supported by CAPWAP.
You can deploy CAPWAP controllers and LWAPP controllers on the same network. The CAPWAP-enabled software allows access points to join either a controller that runs CAPWAP or LWAPP. The only exception is the Cisco Aironet 1140 Series Access Point, which supports only CAPWAP and therefore joins only controllers that run CAPWAP. For example, an 1130 series access point can join a controller that runs either CAPWAP or LWAPP whereas an 1140 series access point can join only a controller that runs CAPWAP.
http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a008064a991.shtml
4.2.207 was released 24/Jul/2009 which does make it the second newest version available in any train.
http://www.cisco.com/en/US/products/ps6366/prod_release_notes_list.html
Cheers!
Rob -
Flash 7/ AS 2 code upgrade
I have some code that has been running as AS1/Flash 6 for a
while, and I need to upgrade it tp AS2/Flash 7. I'm having a number
of problems and the one I can't resolve is the following:
_root.N1["button"+count].ButtonText.text = NavArray
I have cleaned up the declaration of variables and made sure
the data types are compatible. The problem lies in the
..N1["button"+count].. part. It seems that the new compiler won't
recognise this way of creating a series of addresses. If I type in
a literal ..N1["button1"].. it works fine, but is limited to only
one instance of the button. How can I create a composite name that
will accept the text variable? Instead of the text I get an
"undefined" error statement. Thanks!Thanks for the point about string length. It didn't make the
difference, but what did, was the removal of a variable that I had
assigned to the text box when creating it. The older version didn't
mind me overwriting the variable name, but the newer version
wouldn't accept that. Thanks for the help! -
Upload new LWAPP code to LAP before WLC code upgrade
Hello,
I read some where that I can pre-position (upload) the new LWAPP or CAPWAP to access points before I upgrade the WLC code. This will reduce the time it takes for the APs to download and run the new code from the WLC
I am not able to find a document to instaruct me how to do it. I'd appriciate if someone can help me out with a link to a document.
Thanks in advace
BoGHey there .. Check out this link
http://www.my80211.com/cisco-wlc-cli-commands/2011/2/20/wlc-predownload-the-image-to-the-access-points-from-the-cont.html -
OIM 10g Utility Factory code -- Upgrading to 11g
Hi all,
I have a custom code in 10g which accesses the OIM API.
It uses the UtilityFactory methods.
We are now moving to 11g and I looked at the 11g documentation and see that it has the "OIMClient". It looks like it still supports the UtilityFactory.
Can I still use the same code and configuration with 11g?What all needs to be changed if I continue using the UtilityFactory method?
What needs to be done to change to the "OIMClient"
Thanks
MOfficially I don't see the tcUtility method being mentioned in any OIM11g document, but only the usage of oimclient. Unofficially it can be used, search the forums where folks have provided a solution. (like: https://forums.oracle.com/forums/thread.jspa?messageID=9840840 )
For oimclient, follow this: http://download.oracle.com/docs/cd/E17904_01/doc.1111/e14309/apis.htm#BCFEIBHH
Note not all the code would work as it is with 11g, specially with regards to requests, object forms etc.
HTH,
BB -
We just got a WLC 4002 with 3.2.150.10 software version. I have followed a procedure to upgrade and I know I need to follow this path 3.2.150.10->4.1->4.2.176.0->5.2
However, I have tried to transfer the 4.1.185 on my controller and I get a
TFTP Failure while storing in flash!
error.
Has anybody experience this?? any adive?1. You could be either using a TFTP server that could not support file transfers greater than 32 MB (if this is the case, go to http://tftpd32.jounin.net/tftpd32_download.html and use TFTP32).
2. Looks like you were upgrading the firmware without upgrading the Bootloader (ER).
Using the same process as the firmware, download and install Bootloader (in the follwoing order)
AIR-WLC4400-K9-4-1-171-0-ER.aes before you install firmware 4.1.185. Then
AIR-WLC4400-K9-4-2-61-0-ER.aes and install AIR-WLC4400-K9-4-2-61-0.aes. Finally, install Bootloader
AIR-WLC4400-K9-5-2-157-0-ER.aes before you install the final 5.x firmware you want.
Sorry, it's a very long process but it's the only way.
Have you seen this documentation:
Wireless LAN Controller (WLC) Software Upgrade
www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00805f381f.shtml -
I am in Woodsville,nh. I have no service. do I need to a code/upgrade
Finally got to the store to see what was going on. I didn't do it. My previous carrier was still holding my number even though it was working before. Verizon called and got it released and problem solved!! Thanks!!
-
I have loaded new IOS onto my 4948 switch, using a TFTP server it is located in bootflash:, how do I force the switch to boot from the new code.
I believe you'll have to enter global configuration mode to change the config-register to 0x2102 because the Catalyst 4948 by default appear to have a confi-register 0x2101 (See Cisco Document ID 50421). I know I changed the bootvar and that was not sufficient as I was required to change the config-register for the new IOS to load.
Maybe you are looking for
-
I've had this iPhone 3gs for quite a few years now, I use the 4G as a phone but would love to keep the old one as an iPod etc etc... The big problem is that even when it's fully charged it goes off after a few minutes, and it happens all the time con
-
Troubles importing Flash 10 Animation with 3D Transform
I am looking for any workaround/experiences for importing a Flash 10 animation with 3D transforms. Currently, doing this will wig out Captivate 4 and break the embedded animation in all sorts of ways. AS3 support in Captivate is turned on and the sam
-
Hi Can anyone please suggest on how to link Documents to CRM CIC0 screen. Thanks in Advance
-
IDES 4.7, MMC - disp+work running but message server not reachable
Hi, I loaded IDES 4.7 in Windows 2003 server with Oracle 9i. While starting MMC, the disp+work running but message server not reached causing the issue. Please suggest, Thanks, Prasad
-
How to increase battery HEALTH
i checked my battery health after installing istat pro today, and it said my battery health was currently at 46%. how can i bring that back up if that's even possible?