I ran into an unexpected issue the other day that kept me scratching my head for a few minutes when a new ASA refused to take a code upgrade. Read on for the details.
I was staging a new pair of ASA5515X firewalls for a customer, and since I’ve run into a couple oddities with ASA version 9.1.1, and even more with 9.1.2, I decided to go to the latest release, 9.1.3. The factory load for the ASA5500X is currently a build of 8.6.1. I stuck a USB drive into the ASA (which at some point recently started actually working and mounting as disk1:) and tried to copy the file over to the internal flash:
ciscoasa# dir disk1: Directory of disk1:/ 131 -rwx 22658960 12:21:16 Oct 24 2013 asdm-714.bin 132 -rwx 37656576 12:21:04 Oct 24 2013 asa913-smp-k8.bin 4094177280 bytes total (3771912192 bytes free) ciscoasa# ciscoasa# ciscoasa# copy disk1:/asa913-smp-k8.bin disk0:/ Source filename [asa913-smp-k8.bin]? Destination filename [asa913-smp-k8.bin]? Copy in progress...CCCCC.. lots of C’s .. CCCCCC No Cfg structure found in downloaded image file
I’ve never seen an error like this before. A coworker pointed me in the right direction on this, although after Tweeting about it I have to thank Rob Gilreath as well for his response:
@BobMcCouch here’s the bug ID: CSCuh25271
— Rob Gilreath (@robg485) October 24, 2013
For those who can’t look up the BugID on Cisco’s site, basically it says that certain builds that did not have a fix for another code-loading bug included are unable to load 9.1(3). Notable affected releases are early 8.4 releases, 8.6, 9.0(1) and 9.1(1). If you hit this error, you have to do a two-step upgrade first to a release that doesn’t have the original bug (such as 9.1(2)), and then to 9.1(3).
I did this, and my upgrade went fine:
ciscoasa# copy /noconfirm disk1:/asa912-smp-k8.bin disk0:/ Copy in progress...CCCCCCCCC.. Lots of C’s ..CCCCC Writing file disk0:/asa912-smp-k8.bin... !!!!!!!.. Lots of !’s.. !!!!!!! ciscoasa# reload <boot stuff> ciscoasa# show ver | i Version Cisco Adaptive Security Appliance Software Version 9.1(2) ciscoasa# copy /noconfirm disk1:/asa913-smp-k8.bin disk0:/ Copy in progress...CCCCCC - snip - CCCCCCC Writing file disk0:/asa913-smp-k8.bin... !!!!!! - snip - !!!!! 37656576 bytes copied in 19.730 secs (1981925 bytes/sec) ciscoasa#
After the successful file copy, I reloaded into 9.1(3) and went on my merry way. I’m really hopeful this was an isolated incident of a bug manifesting in an odd way. The Cisco wireless controller products have finally started to get out of the thicket of step-wise upgrades that require two or more intermediate stops to get from release A to release B. Hopefully the ASA isn’t falling into that same quagmire as it’s really a hassle to deal with.
Herding Packets 
happened to me with an ASA pair a few weeks ago too. Reminds me of something worse than the WLC controller – Cisco phones! tons of multi-step firmware upgrades to get those stupid things working
you can also try “enable_15” as the username and then the password form before the upgrade
Interesting, I’ll have to look into this. I still have some clients that need to get past this upgrade point. Thanks!
Thanks for this. Also had the same issue, had to update to 9.1(2) first then I was able to jump to 9.2(2)4.
Glad you were able to get it worked out. There are a few versions you can do a direct jump past 9.1.2 from, but I usually just assume we have to stop off at 9.1.2 first.
Thanks for reading!
Thanks!