The firewall probably did not ship with the correct os. Grab a TFTP server (win/linux) and upgrade the firewall. ciscoasa(config)# copy tftp://192.168.1.10/asa842-k8.bin flash: Address or name of remote host [192.168.1.10]? Source filename [asa842-k8.bin]? Destination filename [asa842-k8.bin]? Accessing tftp://192.168.1.10/asa842-k8.bin...!!!!!!!!!!!!!!!!!! Installing the OS on a blank firewall.One would think that you could use the USB socket on the front of the firewall to upload the OS on, right?!?! Nope! the USB socket is just for show. Cisco has not figured out how to use it just yet. To upload an OS on an ASA with no system image, first plug your PC directly into the g0/0 interface, and set your IP to 1.1.1.1 . (You might also want to confirm you have enough memory.) Also setup a tftp server on your PC and make the OS image for the firewall available. (good apps for this would be MobiaXterm, or tftpd32.Then from the console of the firewall at boot time, send the BREAK signal to get to the rommon prompt. Then enter in the following commands: ADDRESS=1.1.1.2 GATEWAY=1.1.1.1 SERVER=1.1.1.1 PORT=GigabitEthernet0/0 IMAGE=asa845-k8.bin set ping 1.1.1.1 tftp This will get your firewall to boot directly from the tftp server. This is a good start, but the OS is not yet on disk yet. You need to do the following too! First look will show you that you don't have any interfaces set ciscoasa# sh int ip br Interface IP-Address OK? Method Status Protocol GigabitEthernet0/0 unassigned YES unset administratively down up GigabitEthernet0/1 unassigned YES unset administratively down up GigabitEthernet0/2 unassigned YES unset administratively down down GigabitEthernet0/3 unassigned YES unset administratively down down Management0/0 unassigned YES unset administratively down down ciscoasa# So set up an interface ciscoasa# conf t ciscoasa(config)# ciscoasa(config-if)# ip add 1.1.1.2 255.255.255.0 ciscoasa(config-if)# security-level 0 ciscoasa(config-if)# nameif out ciscoasa(config-if)# no shut ciscoasa(config-if)# end And then confirm that it works. ciscoasa# sh int ip brief Interface IP-Address OK? Method Status Protocol GigabitEthernet0/0 1.1.1.2 YES manual up up GigabitEthernet0/1 unassigned YES unset administratively down up GigabitEthernet0/2 unassigned YES unset administratively down down GigabitEthernet0/3 unassigned YES unset administratively down down Management0/0 unassigned YES unset administratively down down ciscoasa# ciscoasa# ping 1.1.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms ciscoasa# ping 1.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms ciscoasa# References: |