File System of Cisco ASA
::The Factory Default Configuration::
- The first time an ASA boots, it comes up running a factory default (initial) configuration.
- The initial configuration brings up the following basic functions:
  - One interface is set up as a protected "management" network, to which an administrator's PC connects.
  - A DHCP server is enabled on the management network, so a connected PC is automatically given an IP address.
  - An HTTP server also runs on the management network, so that the PC can reach ASDM on the ASA over HTTPS (TCP port 443).
  - The management interface has the IP address 192.168.1.1/24.
  - The DHCP server hands out addresses from the range 192.168.1.2 to 192.168.1.254.
  - The HTTP server is configured to allow ASDM access from the 192.168.1.0/24 subnet.
  - In the initial configuration the Management 0/0 interface is the management interface (on an ASA 5505, which has switch ports instead, the same role is played by VLAN 1).
- To return to the factory default configuration, enter the command:
  ciscoasa(config)# configure factory-default
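The configuration that the bullets above describe, as an added example (not taken from the original page): the relevant part of the running configuration after configure factory-default on an ASA 5510-class unit, followed by the one change worth making before the unit is attached to a shared LAN. The admin PC address 192.168.1.10 is an assumption, and the exact factory output varies by model and release.

```cisco
! What "configure factory-default" produces (abridged; model/release dependent):
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
http server enable
http 192.168.1.0 255.255.255.0 management
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
! Caveat: "http 192.168.1.0 255.255.255.0 management" lets every host that the
! DHCP server leases an address to reach ASDM and the HTTPS management plane.
! Once the admin PC has a fixed address (192.168.1.10 is an assumption here),
! restrict ASDM to that host and stop handing out leases on the management segment:
ciscoasa(config)# no http 192.168.1.0 255.255.255.0 management
ciscoasa(config)# http 192.168.1.10 255.255.255.255 management
ciscoasa(config)# no dhcpd enable management
ciscoasa(config)# exit
ciscoasa# copy running-config startup-config
```

Removing the subnet-wide http line before adding the host line avoids a window where neither the old nor the new entry is present only if you are typing into a console session; over an ASDM/HTTPS session, add the host line first and remove the subnet line second, or you will lock yourself out.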
::Working With Configuration Files::

- An ASA keeps a "startup" configuration file in flash memory.
- The commands in the startup configuration survive a reload or power failure.
- When the ASA boots, the startup configuration commands are copied into the "running" configuration in RAM.
- RAM is volatile: anything changed in the running configuration but not saved is lost at the next reload or power failure.
- show startup-config displays the contents of the startup configuration.
- show running-config displays the contents of the running configuration.
- An ASA can keep more than one startup configuration file in flash, space permitting, but only one of them is used at boot time.
- The startup configuration can be kept in one file while the firewall configuration is stable. If major configuration changes are needed, the new, updated running configuration can be saved to a different startup configuration file, and the next time the ASA boots it can use that new file.
- If the new configuration causes problems, the firewall can be rolled back to the previous startup configuration file still held in flash.
- To make the ASA use a different startup configuration file, use the command:
  ciscoasa(config)# boot config url
  Here url is the location of the startup configuration file, in one of these forms:
  - flash:path
  - disk0:path
  - disk1:path
  where path is the directory path and file name. After entering boot config, save the running configuration with copy running-config startup-config so that it is written to the newly selected file.
- show bootvar displays the current startup configuration file (the CONFIG_FILE variable) together with the boot image settings.
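The two-file workflow described above, as an added example (not from the original page): a known-good configuration is snapshotted to its own file, the changed configuration is saved to a second file that the ASA is pointed at, and a rollback restores the first. The file names stable.cfg, change.cfg and broken.cfg and the image name in the show bootvar output are assumptions.

```cisco
! 1. Snapshot the known-good running configuration to its own file in flash.
ciscoasa# copy running-config disk0:/stable.cfg
!
! 2. Make the major changes, then point the ASA at a new startup file and save.
!    "boot config" only takes effect once the running configuration is saved;
!    from then on, "copy running-config startup-config" writes to that file.
ciscoasa# configure terminal
ciscoasa(config)# ... (configuration changes) ...
ciscoasa(config)# boot config disk0:/change.cfg
ciscoasa(config)# exit
ciscoasa# copy running-config startup-config
ciscoasa# show bootvar
BOOT variable = disk0:/asa823-k8.bin
Current BOOT variable = disk0:/asa823-k8.bin
CONFIG_FILE variable = disk0:/change.cfg
Current CONFIG_FILE variable = disk0:/change.cfg
ciscoasa# reload
!
! 3. Rollback, if the new configuration causes problems. Keep a copy of the
!    broken running configuration for later diagnosis, overwrite the active
!    startup file with the known-good one, and reload WITHOUT saving, so the
!    broken running configuration does not get written back over it.
ciscoasa# copy running-config disk0:/broken.cfg
ciscoasa# copy disk0:/stable.cfg startup-config
ciscoasa# reload noconfirm
```

The rollback copies over whichever file CONFIG_FILE currently points at, so the ASA comes back on the stable configuration regardless of which startup file was selected; the alternative of re-issuing boot config disk0:/stable.cfg only works if you can save the running configuration, which is exactly what you do not want to do with a broken one.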
::Clearing an ASA Configuration::

1. clear configure all: clears the entire running configuration.
2. clear configure primary: clears all commands related to connectivity, including ip address, mtu, monitor-interface, boot, route, failover, tftp-server, and shun.
3. clear configure secondary: clears all commands not related to ASA connectivity.
4. clear configure command: clears all commands that use the given command keyword (for example, clear configure access-list).

All four act on the running configuration only; the startup configuration in flash is untouched until the running configuration is saved again, so a reload without saving undoes them.
::Working with the ASA File System::

- A Cisco ASA has a built-in flash (non-volatile) memory file system that holds files such as the operating system image, the ASDM management application image, and the firewall configuration.
- When an ASA boots, it uncompresses and copies an executable OS image from flash into RAM.
- The image actually runs from RAM.
- While an image is running, a different image can be copied or written into flash memory.
- Because the running image lives in RAM, even its own file can be safely overwritten in flash.
::Navigating an ASA Flash File System::

- The ASA flash file system is much like the IOS file system.
- It contains a tree of directories, each of which can hold arbitrary files.
- The ASA offers both a disk0: and a flash: device. These refer to the same internal flash memory file system.
- When you connect to an ASA, your session begins in the root directory of disk0: (disk0:/), which can contain files and subdirectories.
- The ASA also supports a disk1: device, which is a removable flash card.
- To view the contents of a flash directory, use dir [device:][path]. Example: ciscoasa# dir disk0:/
::Working with Files in an ASA File System::

- Any file stored in an ASA's file system can be manipulated from the CLI.
- To view the contents of a file, use the command:
  ciscoasa# more [/ascii | /binary | /ebcdic] [device:]path
- By default the file contents are shown as plain text.
- The /ascii option displays a hex dump of the file alongside its ASCII representation; /binary displays the hex dump on its own.
- Likewise, the /ebcdic option displays the hex dump alongside the EBCDIC representation of the contents.
::The copy Command::

- The copy command is used in three different ways here:
- First, an ASA image file (asa823-k8.bin) is copied from a TFTP server to the ASA's disk0: file system.
- Second, an ASDM image file is copied from a TFTP server to flash.
- Finally, the running configuration is copied from the ASA to a TFTP server.
- TFTP provides no authentication or integrity protection, so an image fetched this way should be checked against the hash Cisco publishes (verify /md5 path [hash]) before it is booted, and a configuration copied out this way (it contains password hashes, pre-shared keys and SNMP communities) should go only to a server you treat as sensitive. The copy command also accepts ftp:, http: and https: sources and, in later releases, an scp: destination.
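The three copy operations listed above, as an added example (not from the original page), with the integrity check that TFTP itself cannot provide. The server address 192.168.100.10, the ASDM file name asdm-623.bin and the md5 placeholder are assumptions; take the real hash from the Cisco download page.

```cisco
! 1. OS image from a TFTP server into disk0:
ciscoasa# copy tftp://192.168.100.10/asa823-k8.bin disk0:/asa823-k8.bin
! TFTP has no authentication or integrity protection. Compare the image
! against the published hash before it is ever booted (placeholder value):
ciscoasa# verify /md5 disk0:/asa823-k8.bin <md5-from-cisco-download-page>
!
! 2. ASDM image into flash (flash: and disk0: are the same file system),
!    then tell the ASA which ASDM image to serve.
ciscoasa# copy tftp://192.168.100.10/asdm-623.bin flash:/asdm-623.bin
ciscoasa# configure terminal
ciscoasa(config)# asdm image disk0:/asdm-623.bin
ciscoasa(config)# exit
!
! 3. Running configuration out to the TFTP server. This file carries
!    enable/user password hashes, VPN pre-shared keys and SNMP communities,
!    so the server must be treated as a secrets store.
ciscoasa# copy running-config tftp://192.168.100.10/ciscoasa-running.cfg
```

If the copy of the image reports a flash-space error, delete an older image first rather than leaving a truncated file in flash; a truncated image will not pass verify /md5, which is the point of running it.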
::Renaming an Existing File in Flash::

- To rename an existing file in a flash file system, use the command:
  ciscoasa# rename [/noconfirm] [device:]source-path [device:]destination-path
- Example: the file backup-config is renamed to config-old. No device or directory needs to be given, because the CLI session begins in the disk0:/ directory and relative paths are resolved there.
::Deleting Files from an ASA File System::

- Files can be deleted from an ASA file system with the command:
  ciscoasa# delete [/noconfirm] [/recursive] [device:]path
- delete only removes the file from the file system. To wipe the whole flash file system, use the erase command (erase [disk0: | disk1: | flash:]): every file, including image files, configuration files, and licensing files, is overwritten with a 0xFF data pattern so that it is completely removed. This is the command to use when decommissioning a unit, since configuration files carry credentials and keys.
- When the flash file system is erased, the ASA keeps operating, because its image file and running configuration are already loaded in RAM.
- Once the ASA is rebooted, however, there is no image or startup configuration left in flash, so it cannot boot normally until an image is loaded again (for example from ROMMON, as described later).
::Reloading an ASA::

- An ASA allows one or more OS images to be stored in flash memory.
- Only one of those image files can be running on the firewall at any time.
- Select the file to boot with the command:
  ciscoasa(config)# boot system device:path
- If the image file does not exist, the ASA prints a warning.
- The boot system command is stored in the running configuration after it is entered.
- It must also be written into the startup configuration so that the image is identified during the next reload or boot sequence.
::Upgrading the ASA Software at the Next Reload::

The upgrade procedure is straightforward:

1. Copy the new OS image file onto the flash file system.
2. Use the boot system command to point to the new image file.
3. Save the running configuration with copy running-config startup-config.
4. Reload the ASA.

- The current boot image setting can be seen with show bootvar.

Example: An ASA has two OS image files in its disk0: file system. It is currently running asa802-k8.bin, and a new image named asa823-k8.bin has been copied onto disk0:.

- The example begins with an empty BOOT variable: asa802-k8.bin was simply the only valid image found in flash at boot time.
- The boot system disk0:/asa823-k8.bin command is then entered so that the ASA runs the upgraded image after its next reload.
- Immediately afterward, the "Current BOOT variable" line of show bootvar shows that the new image has been identified, but it is not yet in use.
- Finally, the running configuration is saved to the startup configuration.
- At that point the "BOOT variable =" line shows that the new image file will be booted at the next reload.
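The four-step procedure and the show bootvar states described above, as an added example (not from the original page), with the old image kept as a fallback. The TFTP server address 192.168.100.10 and the md5 placeholder are assumptions.

```cisco
! Starting state: empty BOOT variable, asa802-k8.bin running because it was
! the only valid image in flash.
ciscoasa# show bootvar
BOOT variable =
Current BOOT variable =
CONFIG_FILE variable =
Current CONFIG_FILE variable =
!
! Step 1: copy the new image into flash and verify it before trusting it.
ciscoasa# copy tftp://192.168.100.10/asa823-k8.bin disk0:/asa823-k8.bin
ciscoasa# verify /md5 disk0:/asa823-k8.bin <md5-from-cisco-download-page>
!
! Step 2: point boot system at the new image. A second boot system entry
! keeps the old image as a fallback: the ASA tries the entries in order,
! so if the new file is unbootable it falls through to asa802-k8.bin
! instead of dropping to ROMMON.
ciscoasa# configure terminal
ciscoasa(config)# boot system disk0:/asa823-k8.bin
ciscoasa(config)# boot system disk0:/asa802-k8.bin
ciscoasa(config)# exit
ciscoasa# show bootvar
BOOT variable =
Current BOOT variable = disk0:/asa823-k8.bin;disk0:/asa802-k8.bin
CONFIG_FILE variable =
Current CONFIG_FILE variable =
!
! Step 3: save. Only now does the saved "BOOT variable =" line change.
ciscoasa# copy running-config startup-config
ciscoasa# show bootvar
BOOT variable = disk0:/asa823-k8.bin;disk0:/asa802-k8.bin
Current BOOT variable = disk0:/asa823-k8.bin;disk0:/asa802-k8.bin
CONFIG_FILE variable =
Current CONFIG_FILE variable =
!
! Step 4: reload, then confirm what actually booted.
ciscoasa# reload
ciscoasa# show version | include image
```

Reading show bootvar twice, before and after the save, is the check that catches the common mistake of reloading with the new image only in the running configuration; in that case the "BOOT variable =" line is still empty and the ASA boots whatever it finds first in flash.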
::Performing a Reload::

- The reload command alone forces an ASA to reload immediately.
- Before reloading, the ASA checks whether the running configuration has been saved and prompts if it has not.
- A reload can also be scheduled for a specific date and time:
  ciscoasa# reload at hh:mm [day month | month day]
- To schedule a reload after a time interval:
  ciscoasa# reload in {mm | hhh:mm}
- A pending scheduled reload is cancelled with reload cancel.
::Manually Upgrading the ASA Software During Reload::

- Sometimes the OS image has to be installed or upgraded before the ASA fully boots, for example when the image in flash is missing or corrupt.
- This can be done by downloading an image file from a TFTP server while the ASA sits in ROMMON mode.
- The parameters entered in ROMMON are used only temporarily, until the ASA can download and run the new image file.
- In the example below the ASA interface Ethernet0/0 is used, because the TFTP server is connected there.
- The interface is given the IP address 192.168.100.5.
- The TFTP server is at 192.168.100.10 and the new image file is called asa823-k8.bin.
- As soon as the tftpdnld command is entered, the TFTP transfer begins.
- The image is downloaded into RAM and executed; it is not permanently stored anywhere. After the ASA finishes booting, copy the same image file onto a flash file system with the copy command (and point boot system at it), or the next reload will fail in the same way.
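The ROMMON session described above, as an added example (not from the original page), using the addresses the text gives. The gateway is set to the TFTP server because it sits on the same subnet; the md5 placeholder is an assumption.

```cisco
! Interrupt the boot countdown on the console (Esc or BREAK) to reach ROMMON,
! then set the temporary download parameters.
rommon #0> ADDRESS=192.168.100.5
rommon #1> SERVER=192.168.100.10
rommon #2> GATEWAY=192.168.100.10
rommon #3> IMAGE=asa823-k8.bin
rommon #4> PORT=Ethernet0/0
rommon #5> set
! (prints the variables above for a last check)
rommon #6> tftpdnld
! The image is fetched into RAM and booted; nothing has been written to flash.
!
! Once the ASA is up, make the recovery permanent: store the image, verify
! it, select it, and save, otherwise the next reload is back in ROMMON.
ciscoasa# copy tftp://192.168.100.10/asa823-k8.bin disk0:/asa823-k8.bin
ciscoasa# verify /md5 disk0:/asa823-k8.bin <md5-from-cisco-download-page>
ciscoasa# configure terminal
ciscoasa(config)# boot system disk0:/asa823-k8.bin
ciscoasa(config)# exit
ciscoasa# copy running-config startup-config
```

ROMMON's TFTP client is as unauthenticated as the one in the full OS, and anyone on the 192.168.100.0/24 segment who can answer for 192.168.100.10 decides what code the firewall runs next; do the recovery on an isolated link and verify the image once it can be hashed.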