When a new image or file is downloaded, it is stored in flash with a specific filename.. You can use the following command to check the available free space in the flash memory: Firewall
Trang 1Dưới đây là một qui trình nâng cấp, qui trình này chưa có phần cập nhật activation-key
Upgrading an Image from an Administrative Session
1 Make sure an image server is available
The server should have the firewall image available for downloading, either by TFTP, FTP, HTTP, or HTTPS
2 Make sure you have sufficient space on the flash file system
An ASA allows one or more image files as well as other files to be stored in flash, as long
as you have sufficient space to contain them all When a new image or file is
downloaded, it is stored in flash with a specific filename A file is overwritten only if an existing file in flash has an identical filename You can use the following command to check the available (free) space in the flash memory:
Firewall# dir flash:/
For example, suppose a new firewall image is available on a server The image file size is 4,995,512 bytes First, the amount of free flash memory is checked, giving the following output:
Firewall# dir flash:/
Directory of flash:/
6 -rw- 4976640 10:04:50 Nov 12 2004 image.bin
10 -rw- 1575 23:05:09 Sep 30 2004 old_running.cfg
12 -rw- 3134 23:30:24 Nov 08 2004 admin.cfg
13 -rw- 1401 14:12:31 Oct 20 2004 CustomerA.cfg
14 -rw- 2515 23:29:28 Nov 08 2004 border.cfg
17 -rw- 1961 13 22 Oct 25 2004 datacenter.cfg
23 -rw- 8596996 10:12:38 Nov 12 2004 asdm.bin
21 drw- 704 15:06:09 Nov 22 2004 syslog
32 -rw- 205 15:06:08 Nov 22 2004 stuff
16128000 bytes total (2466816 bytes free)
Firewall#
Clearly, 2,466,816 bytes free is insufficient to store the new image unless the existing image (image.bin) is overwritten On an FWSM or a PIX 6.3 platform, only one
operating system image and one PDM image can be stored in the flash file system at any time If a new image is downloaded, it automatically overwrites an existing image in flash
3 Make sure the firewall can reach the server:
Trang 2Firewall# ping [interface] ip-address
The server has IP address ip-address The firewall should already have the necessary routing information to reach the server You can specify the firewall interface where the server is located ("outside," for example) if the firewall cannot determine that directly For example, this firewall can reach the server at 192.168.254.2:
Firewall# ping 192.168.254.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.254.2, timeout is
2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Firewall#
4 (TFTP only) Identify a possible TFTP server:
Firewall(config)# tftp-server interface ip-address path
The TFTP server can be found at ip-address on the firewall interface named interface (outside), for example As of FWSM 3.1(1) and ASA 7.0(1), the interface parameter is required For prior releases, the firewall always assumes the inside interface is used for TFTP The only way to override this assumption is by specifying a firewall interface in the tftp-server command This interface is always used whenever files are copied to and from a
TFTP server, even if the server address is different from the one configured with this command
The image files are stored in the path directory on the TFTP server This path is relative only to the TFTP process itself For example, if the image files are stored in the topmost TFTP directory (/tftpboot within the server's file system, for example), the path would
be /, or theroot of the TFTP directory tree
The tftp-server command is optional because most of the TFTP parameters can be given with the copy EXEC command when the image is downloaded
5 Copy the image file from the server
With any download method, the basic command syntax is:
Firewall# copy source flash:[image | pdm | filename]
The image is downloaded and copied into flash memory as either an operating system
Trang 3image or a pdm image Only one of either image type can be stored in the firewall flash, and their locations are automatically determined In fact, PIX 6.3 restricts the image transfer to these two file types
ASA and FWSM platforms make use of their more flexible flash file systems From the system execution space, you can copy one or more image files into flash and then specify which image the firewall should use You can give the destination filename as an
arbitrary filename You also can use the image or asdm keywords for backward
compatibility In that case, the firewall uses the image filename configured with the boot system or asdm image commands, respectively Also, you can choose TFTP, FTP, or HTTP as the copy method, as discussed in the following steps
Use a TFTP server:
Firewall# copy tftp:[:[[//location][/pathname]] flash:
[image | pdm |
filename]
The image file is located on the TFTP server at location, which can be either a hostname (already defined with a name command) or an IP address The image file is referenced by pathname, which can include any directory structure needed within TFTP, along with the filename (If the actual path name of the TFTP directory contains spaces, you should first define the whole path name using the tftp-server command Spaces are not allowed in the pathname here.) If the location or pathname parameters are left out of this command, the firewall prompts you for those values If you add a colon after the tftp keyword, the firewall picks up the remaining parameters configured with the tftp-server command For example, suppose a new operating system image named newimage.bin is located on TFTP server 192.168.254.2 Recall that the firewall assumes that the TFTP server is located on the inside interface by default In this case, it is located on the outside
interface You can download the new firewall image into flash memory using the
following commands:
Firewall# configure terminal
Firewall(config)# tftp-server outside 192.168.254.2 /
Firewall(config)# exit
Firewall# copy tftp://192.168.254.2/newimage.bin
flash:image
Address or name of remote host [192.168.254.2]?
Source filename [newimage.bin]?
Destination filename [image.bin]?
%Warning:There is a file already existing with this name
Do you want to over write? [confirm]
Accessing tftp://192.168.254.2/newimage.bin !!!!!!!!!!!!! [output omitted]
Writing file flash:/image.bin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1
4976640 bytes copied in 143.380 secs (34801 bytes/sec)
Firewall#