Reimage ASA 5516X to FTD

The ASA 5516X box can use ASA software and FTD software. In this post, I will share how to reimage my ASA 5516X box that used ASA software to FTD software.

We need several things ready for reimaging to be successful:

  1. Direct console port access.
  2. Management port to upload the software.
  3. TFTP Server
  4. FTD Software and boot images.
  5. ROMMON image, we need this if the ROMMON software is below 1.1.8.

Direct Console Port and Management Port Access

We need to connect the laptop to the console port of the ASA box because all the commands are entered in the CLI. We also need the management port to be connected to the TFTP server that hosts the needed software. In this practice, I use my laptop as the TFTP server and host the software there.

FTD Software and Boot Images

We will reimage the ASA to FTD 6.4, so we need to download the appropriate images. The software download link is here.

We need to download at least these images:

  1. Firepower Threat Defense boot image (ftd-boot-9.12.1.6.lfbff)
  2. Firepower Threat Defense install package (ftd-6.4.0-102.pkg)

As for the ROMMON software, you can download it from here.
Remember, you need a Cisco.com login to download the software, and a service contract is required. Because I work at a Cisco Partner, I am entitled to download the software.

Preparation on ASA CLI

First, you need to know the ROMMON software version on your ASA. Run the show module command on the ASA CLI:

We should also check the memory of the ASA with the show disk0 command.

As we can see, the ROMMON is already up to date at version 1.1.8. Do not forget to record your activation key.
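The two checks above can be scripted on the laptop before anything is served over TFTP, which does not authenticate or integrity-protect transfers. This is an added example, not part of the original post: it compares the ROMMON (Fw Version) value from show module against 1.1.8 numerically and checks each image against the SHA-512 checksum you copy from the download page. The sample output, its column layout, and the function names are assumptions made for illustration.

```python
import hashlib
import re

MIN_ROMMON = (1, 1, 8)  # threshold stated in this post

# Constructed sample of "show module" output (documentation MAC range);
# the column layout is an assumption, adjust FW_ROW if yours differs.
SAMPLE_SHOW_MODULE = """\
Mod  MAC Address Range                 Hw Version   Fw Version   Sw Version
---- --------------------------------- ------------ ------------ ---------------
   1 0000.5e00.5300 to 0000.5e00.5309  1.0          1.1.01       9.8(2)
 sfr 0000.5e00.530a to 0000.5e00.530a  N/A          N/A          6.2.2-81
"""
FW_ROW = re.compile(r"^\s*1\s+\S+\s+to\s+\S+\s+\S+\s+(\d+(?:\.\d+)+)\s", re.M)


def rommon_version(show_module: str) -> tuple:
    """Return the Fw Version (ROMMON) of module 1 as a tuple of ints."""
    row = FW_ROW.search(show_module)
    if row is None:
        raise ValueError("module 1 firmware row not found")
    return tuple(int(part) for part in row.group(1).split("."))


def needs_rommon_upgrade(show_module: str) -> bool:
    # Compare numerically: as plain strings, "1.1.14" would sort below "1.1.8".
    return rommon_version(show_module) < MIN_ROMMON


def sha512_of(path: str) -> str:
    """Hash an image in chunks; the install package is too large to read at once."""
    digest = hashlib.sha512()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def image_ok(path: str, published_sha512: str) -> bool:
    """True only if the file matches the checksum copied from the download page."""
    return sha512_of(path) == published_sha512.strip().lower()


if __name__ == "__main__":
    import sys
    print("ROMMON upgrade needed:", needs_rommon_upgrade(SAMPLE_SHOW_MODULE))
    # usage: preflight.py <image> <published_sha512> [<image> <published_sha512> ...]
    for path, expected in zip(sys.argv[1::2], sys.argv[2::2]):
        print(path, "OK" if image_ok(path, expected) else "MISMATCH, do not serve")
```

Run it with each image file name followed by its published checksum; a mismatch means the download is corrupt or altered and should not be placed in the TFTP root.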

Now, we can start the reimaging process.

Reimaging Process

Reload the ASA, and press ESC to interrupt the boot and enter ROMMON mode.

Enter these parameters to connect the ROMMON and the laptop

There was an error because of ungraceful system shutdowns, so it would check the file system first.

Then the FPR will boot up. Enter the setup command and set the necessary parameters for the Management interface, as below, to establish temporary connectivity to the TFTP server so that you can download and install the system software package.

Then run the command system install noconfirm <url> to download the FTD system software install package.

In my case, it took around 45 minutes to reboot the FTD. After reboot, you will be in FTD CLI.

I have an issue after reimaging that I cannot ping from my laptop to the FTD management interface (br1) and vice versa. I will write a post about that matter after this.

Hope this helps.


Comments

  1. Thanks, this cleared all my doubts. However, I have one question.
    I see you have mentioned

    system install noconfirm http://10.0.0.201/ftd-6.4.0-102.pkg

    10.0.0.201 –> this is your TFTP server, correct?
