Friday, September 5, 2014

How to upgrade firmware on your Cisco Appliance

Tools needed:

tftp server (any of the freely available ones will do; a CentOS setup is at the end of this post)
telnet client (on Windows it is an optional feature: add it via the Add/Remove Programs applet). Note that telnet sends the login and enable passwords in cleartext; if the switch runs a crypto image and has an SSH key generated, use ssh instead.


Time needed:

31.5 minutes




Commands are below:

Telnet to the device:
> telnet 192.168.3.5

Copy the config off the box first (copy flash: tftp: prompts for each value; the answers used here are shown after each prompt):
> copy flash: tftp:
Source filename []? config.text
Address or name of remote host []? 192.168.3.25
Destination filename [config.text]? <Enter>

Copy the new image in and leave the old one on flash (the option is /leave-old-sw, and keeping both images means flash must have room for both; check with dir flash: first). The tar filename is whatever you staged on the tftp server:
> archive download-sw /leave-old-sw tftp://192.168.3.25/...tar

archive download-sw only extracts the tar and points the boot variable at the new image; it does not reboot the switch unless you add the /reload option. Confirm the new image with show boot, then issue reload, wait roughly 20 minutes, ping the device until it answers, and enjoy. Before pushing the image at all, check the MD5 of the tar on the tftp host against the value on the Cisco download page, since a truncated or tampered tar is the usual reason an upgrade leaves a switch stuck in ROMMON.



If you need a quick tftpd server on CentOS, do the following:

1. Install the tftp server; it runs under xinetd.
yum install tftp-server
2. Move the tftpboot directory wherever you keep your data files for easy maintenance. I keep mine under /var/lib, so:
mv /tftpboot/ /var/lib/
3. Change the ownership of tftpboot. in.tftpd drops to the nobody user, so that user must own the directory; 755 is enough both for downloads and for uploads created with -c (the 777 often seen in guides makes the directory world-writable, which nothing here needs):
chown -R nobody:nobody /var/lib/tftpboot/
chmod 755 /var/lib/tftpboot/
4. Edit the tftp file at /etc/xinetd.d/tftp:
vi /etc/xinetd.d/tftp
Make it look like this:
service tftp
{
        socket_type     = dgram
        protocol        = udp
        wait            = yes
        user            = root
        server          = /usr/sbin/in.tftpd
        server_args     = -c -s /var/lib/tftpboot
        disable         = no
        per_source      = 11
        cps             = 100 2
        flags           = IPv4
}

For server_args, change the path to your tftpboot location. -s chroots the daemon into that directory, which is why user = root is required (in.tftpd drops to nobody afterwards). -c lets a client create files that do not already exist on the server; you need it only for the copy flash: tftp: backup step. TFTP has no authentication at all, so remove -c again once the backup is done, and restrict who can reach the daemon, either with xinetd's only_from attribute (for example only_from = 192.168.3.0/24, matching the addresses used above) or with a host firewall rule on udp/69.
5. Start the xinetd service:
service xinetd start
6. Confirm that udp port 69 is listening:
netstat -ntulp
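As an added example (not part of the original post), here is a small Python script that ties the two halves of this procedure together: it stages an image into the tftpboot directory only after its hash matches the value from the Cisco download page, gives the file 0644 permissions so the directory never has to be world-writable, and prints the archive download-sw line to paste on the switch. The image path, expected hash, TFTP root and server IP are placeholders supplied on the command line; nothing here talks to the switch.

```python
"""Stage a Cisco image for TFTP only after its checksum verifies.

Added example for this post (not part of the original write-up). The image
path, expected hash and TFTP root are placeholders supplied on the command
line; nothing here talks to the switch.
"""
import hashlib
import os
import shutil
import sys
from pathlib import Path


def file_digest(path, algorithm="md5", chunk_size=1024 * 1024):
    """Hash the file in chunks so a multi-hundred-MB image is not read into RAM at once.

    algorithm is any name hashlib knows. Cisco publishes both MD5 and SHA-512
    on its download pages; prefer SHA-512 when it is shown.
    """
    digest = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def stage_image(src, expected_digest, tftp_root, algorithm="md5"):
    """Copy src into tftp_root as a 0644 file and return the staged path.

    Raises ValueError on a hash mismatch, so a corrupted or tampered download
    never becomes reachable over TFTP.
    """
    src = Path(src)
    tftp_root = Path(tftp_root)
    if not tftp_root.is_dir():
        raise FileNotFoundError(f"TFTP root {tftp_root} does not exist")

    actual = file_digest(src, algorithm)
    if actual.lower() != expected_digest.strip().lower():
        raise ValueError(
            f"{algorithm} mismatch for {src.name}: expected {expected_digest}, got {actual}"
        )

    dest = tftp_root / src.name
    shutil.copyfile(src, dest)
    os.chmod(dest, 0o644)  # readable by in.tftpd (nobody), writable by nobody else
    return dest


def archive_command(server_ip, staged_path, tftp_root):
    """Build the IOS line to paste on the switch for the staged file."""
    rel = Path(staged_path).relative_to(Path(tftp_root)).as_posix()
    return f"archive download-sw /leave-old-sw tftp://{server_ip}/{rel}"


if __name__ == "__main__":
    if len(sys.argv) != 5:
        sys.exit("usage: stage_image.py <image.tar> <expected-md5> <tftp-root> <server-ip>")
    image, expected, root, server = sys.argv[1:]
    staged = stage_image(image, expected, root)
    print(f"staged {staged}")
    print(archive_command(server, staged, root))
```

Run it as the user that owns tftpboot (nobody, or root followed by a chown) so the copy lands with the right owner; the 0644 mode is what lets in.tftpd serve the file without the directory being 777.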


Monday, August 25, 2014

Reset a Cisco ASA to factory defaults when the enable password is lost, then set it up for web access

Before you start, note that you will need two pieces of software:

a terminal emulator for the console port (HyperTerminal on Windows; minicom or screen on Linux)
the Java JRE (the ASA's web interface is a Java application)

and two kinds of cable:

a console-to-serial cable
2 Cat5 patch cables


set your hyperterminal settings to:

  • Bits per second: 9600
  • Data bits: 8
  • Parity: None
  • Stop bits: 1
  • Flow control: None



When the device boots, interrupt the boot by pressing Esc as soon as you see "Use BREAK or ESC to interrupt boot"; this drops you into ROMMON. Keep in mind that anyone with a console cable can do everything that follows, which is why the appliance belongs in a locked rack; if that is not acceptable, no service password-recovery disables this path, at the cost of having to wipe the configuration if the password really is lost.

Enter the confreg command to view the current configuration register setting:
rommon #0> confreg

The current configuration register should be the default of 0x01 (it will actually display as 0x00000001). The security appliance will ask if you want to make changes to the configuration register. Answer no when prompted.

You must change the configuration register to 0x41, which tells the appliance to ignore its saved (startup) configuration upon boot:
rommon #1> confreg 0x41

Reset the appliance with the boot command:
rommon #2> boot


Notice that the security appliance ignores its startup configuration during the boot process. When it finishes booting, you should see a generic User Mode prompt:
ciscoasa>
Enter the enable command to enter Privileged Mode. When the appliance prompts you for a password, simply press Enter (at this point, the password is blank):
ciscoasa> enable

Now wipe the saved configuration and load the factory defaults:
write erase
  1. type 'config t'
  2. type 'config factory-default'
  3. hit spacebar each time the '--More--' prompt appears, until you get back to the prompt that looks like 'ciscoasa(config)#'
  4. type 'config-register 0x01' (do this before reloading: while 0x41 is still set, the next boot would ignore the startup configuration all over again)
  5. type 'write mem', or equivalently:
     copy running-config startup-config
  6. type 'reload save-config noconfirm'
    enable
    config t
    hostname ExampleASA
    username example password example privilege 15
    interface vlan 1
    ip address 172.100.10.1 255.255.255.0
    nameif inside
    exit
    wr mem
    copy running-config startup-config
    reload

Two things to change before you type the above. The username line creates the privilege-15 login for the web interface, so use a real password instead of 'example', and set a new enable password as well (enable password <something strong>), because the factory reset leaves it blank, which is exactly the state this post started from. Also, 172.100.10.0/24 is not private address space (the RFC 1918 block is 172.16.0.0/12); hosts behind the ASA will be unable to reach whoever actually owns that range on the internet, so a 10.x, 172.16-31.x or 192.168.x subnet is the better choice. wr mem and copy running-config startup-config do the same thing; one of them is enough.

    enable
    config t
    interface ethernet0/1
    no shutdown
    exit

    http server enable
    aaa authentication http console LOCAL
    http 172.100.10.0 255.255.255.0 inside
    write mem
    copy running-config startup-config
     
     
     --------------------------
         Now we configure the internet / WAN
     ---------------------------

From config mode (the ciscoasa(config)# prompt):

    interface vlan 2
    ip address 212.115.192.193 255.255.255.248
    nameif outside
    exit
    route outside 0.0.0.0 0.0.0.0 212.115.192.192
    interface ethernet0/0
    switchport access vlan 2
    no shutdown
    global (outside) 777 interface
    nat (inside) 777 172.100.10.0 255.255.255.0
    wr mem
    copy running-config startup-config

Check the gateway with your ISP before copying these addresses: with a 255.255.255.248 mask, 212.115.192.192 is the network address of the /29 that contains .193, not a host, so the provider's router will normally be another host address in the same block. The global/nat pair is the NAT syntax of ASA 8.2 and earlier; from 8.3 onward it is replaced by object NAT, so on a newer image the two lines will be rejected and you need the object-based equivalent.
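As an added example (not the ASA's own tooling or anything from the original post), the following Python script sanity-checks the addressing plan above before you type it in. It takes addresses in the same "ip mask" form the ASA commands use and reports what a mistyped address would otherwise break silently: the default-route gateway must be a usable host in the outside subnet, the http-access subnet must be the inside subnet, the two subnets must not overlap, and the inside range should be RFC 1918 space. The values in the __main__ block are the ones used in this post, and the script flags two of them.

```python
"""Sanity-check the addressing in the ASA configuration above before typing it.

Added example for this post, not the ASA's own tooling or anything from the
original write-up. It takes addresses in the same "ip mask" form the ASA
commands use and reports what a mistyped address would otherwise break
silently. The values in the __main__ block are the ones used in the post.
"""
from ipaddress import ip_address, ip_interface


def asa_interface(ip, mask):
    """'172.100.10.1 255.255.255.0' style pair -> IPv4Interface."""
    return ip_interface(f"{ip}/{mask}")


def check_asa_addressing(inside, outside, gateway, http_subnet):
    """Return a list of problems; an empty list means the plan is consistent.

    inside, outside: (ip, mask) tuples from 'interface vlan 1' / 'interface vlan 2'
    gateway: the next hop from 'route outside 0.0.0.0 0.0.0.0 <gateway>'
    http_subnet: (network, mask) from 'http <network> <mask> inside'
    """
    problems = []
    inside_if = asa_interface(*inside)
    outside_if = asa_interface(*outside)
    gw = ip_address(gateway)
    mgmt = asa_interface(*http_subnet).network

    out_net = outside_if.network
    if gw not in out_net:
        problems.append(f"gateway {gw} is not in the outside subnet {out_net}")
    elif gw in (out_net.network_address, out_net.broadcast_address):
        problems.append(f"gateway {gw} is the network/broadcast address of {out_net}, not a host")
    elif gw == outside_if.ip:
        problems.append(f"gateway {gw} is the ASA's own outside address")

    if mgmt != inside_if.network:
        problems.append(f"http subnet {mgmt} does not match the inside subnet {inside_if.network}")

    if inside_if.network.overlaps(out_net):
        problems.append(f"inside {inside_if.network} overlaps outside {out_net}")

    # 172.100.x.x is outside 172.16.0.0/12, so this catches the post's inside range.
    if not inside_if.network.is_private:
        problems.append(f"inside subnet {inside_if.network} is public address space, not RFC 1918")

    return problems


if __name__ == "__main__":
    # The post's own addresses.
    for problem in check_asa_addressing(
        inside=("172.100.10.1", "255.255.255.0"),
        outside=("212.115.192.193", "255.255.255.248"),
        gateway="212.115.192.192",
        http_subnet=("172.100.10.0", "255.255.255.0"),
    ) or ["no problems found"]:
        print(problem)
```

Run with the post's values it reports the gateway as the network address of 212.115.192.192/29 and the inside subnet as public space; substitute your own addresses and expect an empty result before you start typing on the console.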







Before changing your PC's IP to the 172.100.10.x subnet, be sure the Java security settings will let the ASA's web interface launch. Rather than lowering them globally, add the ASA's address (https://172.100.10.1) to the Exception Site List in the Java Control Panel, which permits that one site and leaves the rest of the browser's Java protection in place.