September 3, 2010

Can’t write mem on ASA

Today while working on a config of a new ASA5510 I ran into a very strange error that I wanted to share with you.

I was configuring the ASA as usual. When I was finished, I issued the standard "write mem" and saw the most bizarre error message...

asa# wr mem
Building configuration…
Cryptochecksum: 85ef8693 914a94f3 03a5bb9e 823bb285
%Error opening disk0:/.private/startup-config (Read-only file system)
Error executing command [FAILED]

I was speechless. What the heck does that mean? I could see the startup-config file on the firewall. I could do a "sh run" and see my running config. But I could not copy my running config to startup.

I tried a reboot but that only wiped out my config completely. I had to start over from scratch.

The solution was actually very simple.

Cisco has a built-in file check utility to fix problems just like this. Many folks who are familiar with Unix systems also know the file system check, or fsck, utility.

To fix this problem, from the command prompt run fsck...

asa# fsck disk0:

This of course assumes that disk0: is your flash.

If this is successful you should see the following output:
asa# fsck of disk0: complete

You should now be able to save your config:

asa# wr mem

Building configuration…

Cryptochecksum: 85ef8693 914a94f3 03a5bb9e 823bb285

80911 bytes copied in 4.60 secs (20227 bytes/sec) [OK]

If this still fails, you need to contact Cisco TAC and get a replacement flash card.

Here is the complete transaction in its entirety:

asa#copy run start

Source filename [running-config]?
Cryptochecksum: e958a84f 73198ab5 585c5a9f 9d39e3a8

%Error opening disk0:/.private/startup-config (Read-only file system)

asa# fsck disk0:
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Reclaimed 7 unused clusters (28672 bytes) in 2 chains.
Performing changes.
/dev/hda1: 76 files, 14623/15368 clusters

fsck of disk0: complete
asa# wr mem
Building configuration...
Cryptochecksum: b558388d cddfa287 d63f9b9a 10041e77

11870 bytes copied in 3.360 secs (3956 bytes/sec)
[OK]
asa#
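
As an added example (not part of the original post): a script that pushes config to an ASA can refuse to reload until the save is confirmed, since the reboot described above discarded the unsaved config. The function name `check_save` and the two transcripts are constructed for illustration and reuse the output format shown in the post.

```python
import re

# Constructed transcripts, modelled on the failed and successful saves in the post.
FAILED = """\
asa# wr mem
Building configuration...
Cryptochecksum: 85ef8693 914a94f3 03a5bb9e 823bb285
%Error opening disk0:/.private/startup-config (Read-only file system)
Error executing command [FAILED]
"""
SAVED = """\
asa# wr mem
Building configuration...
Cryptochecksum: b558388d cddfa287 d63f9b9a 10041e77

11870 bytes copied in 3.360 secs (3956 bytes/sec)
[OK]
"""

def check_save(transcript):
    """Decide from captured CLI output whether startup-config was really written."""
    error = re.search(r"^%Error opening (\S+?:)\S* \((.+)\)\s*$", transcript, re.M)
    copied = re.search(r"^(\d+) bytes copied in [\d.]+ secs", transcript, re.M)
    result = {
        # Require positive confirmation: a byte count, [OK], and no %Error line.
        "saved": bool(copied) and "[OK]" in transcript and error is None,
        "bytes": int(copied.group(1)) if copied else None,
        "device": error.group(1) if error else None,
        "reason": error.group(2) if error else None,
    }
    if result["saved"]:
        result["action"] = "safe to reload"
    elif result["reason"] == "Read-only file system":
        # The case the post repairs with fsck on the flash device.
        result["action"] = f"run 'fsck {result['device']}', then save again"
    else:
        # Truncated or unexpected output is treated as an unsaved config.
        result["action"] = "do not reload; save was not confirmed"
    return result
```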

I hope this helps you out as much as it did for me. I was tearing my hair out trying to figure out what was going on.

Until next time

FREAK!

Basic Configuration Tutorial For the Cisco ASA 5505 Firewall

By Harris Andrea

The Cisco ASA 5505 Firewall is the smallest model in the new 5500 Cisco series of hardware appliances. Although this model is suitable for small businesses, branch offices or even home use, its firewall security capabilities are the same as the biggest models (5510, 5520, 5540 etc). The Adaptive Security technology of the ASA firewalls offers solid and reliable firewall protection, advanced application aware security, denial of service attack protection and much more. Moreover, the performance of the ASA 5505 appliance supports 150Mbps firewall throughput and 4000 firewall connections per second, which is more than enough for small networks.

In this article I will explain the basic configuration steps needed to set up a Cisco ASA 5505 firewall for connecting a small network to the Internet. We assume that our ISP has assigned us a static public IP address (e.g. 200.200.200.1) and that our internal network range is 192.168.1.0/24. We will use Port Address Translation (PAT) to translate our internal IP addresses to the public address of the outside interface. The 5505 differs from the bigger ASA models in that it has an 8-port 10/100 switch which acts as Layer 2 only. That is, you cannot configure the physical ports as Layer 3 ports; instead you have to create VLAN interfaces and assign the Layer 2 ports to each VLAN. By default, interface Ethernet0/0 is assigned to VLAN 2 and is the outside interface (the one which connects to the Internet), and the other 7 interfaces (Ethernet0/1 to 0/7) are assigned by default to VLAN 1 and are used for connecting to the internal network. Let's go through the most important configuration steps.

Step 1: Configure the internal interface vlan
------------------------------------------------------
ASA5505(config)# interface Vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0
ASA5505(config-if)# no shut

Step 2: Configure the external interface vlan (connected to Internet)
-------------------------------------------------------------------------------------
ASA5505(config)# interface Vlan 2
ASA5505(config-if)# nameif outside
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address 200.200.200.1 255.255.255.0
ASA5505(config-if)# no shut

Step 3: Assign Ethernet 0/0 to Vlan 2
-------------------------------------------------
ASA5505(config)# interface Ethernet0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shut

Step 4: Enable the remaining interfaces with no shut
--------------------------------------------------
ASA5505(config)# interface Ethernet0/1
ASA5505(config-if)# no shut

Do the same for Ethernet0/1 to 0/7.

Step 5: Configure PAT on the outside interface
-----------------------------------------------------
ASA5505(config)# global (outside) 1 interface
ASA5505(config)# nat (inside) 1 0.0.0.0 0.0.0.0

Step 6: Configure default route towards the ISP (assume default gateway is 200.200.200.2)
---------------------------------------------------------------------------------------------------------
ASA5505(config)# route outside 0.0.0.0 0.0.0.0 200.200.200.2 1

The above steps are the absolutely necessary steps you need to configure to make the appliance operational. Of course, there are many more configuration details that you need to implement in order to enhance the security and functionality of your appliance, such as Access Control Lists, Static NAT, DHCP, DMZ zones, authentication etc.
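
As an added example (not from the original article): a consistency check over the settings from Steps 1, 2, 5 and 6, covering the mistakes that leave the inside network without Internet access (mismatched NAT ids, a default gateway outside the outside subnet, inverted security levels). The names `parse` and `audit` and the sample config are constructed for illustration, and both interfaces are assumed to carry a static `ip address` and a `security-level`.

```python
import ipaddress

# Constructed sample: Steps 1, 2, 5 and 6 as they would appear in the running config.
CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
interface Vlan2
 nameif outside
 security-level 0
 ip address 200.200.200.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 200.200.200.2 1
"""

def parse(config):  # -> ({interface: settings}, [top-level commands])
    ifaces, top, current = {}, [], None
    for line in filter(str.strip, config.splitlines()):
        words = line.split()
        if words[0] == "interface":
            # "interface Vlan 1" and "interface Vlan1" name the same interface.
            current = ifaces.setdefault("".join(words[1:]), {})
        elif line[0] == " " and current is not None:
            current[words[0]] = words[1:]
        else:
            current = None
            top.append(words)
    return ifaces, top

def audit(config):
    """Return findings; an empty list means the four steps agree with each other."""
    ifaces, top = parse(config)
    named = {s["nameif"][0]: s for s in ifaces.values() if "nameif" in s}
    if not {"inside", "outside"} <= named.keys():
        return ["inside and outside interfaces must both be named"]
    inside, outside = named["inside"], named["outside"]
    nat_ids = {w[2] for w in top if w[:2] == ["nat", "(inside)"]}
    pool_ids = {w[2] for w in top if w[:2] == ["global", "(outside)"]}
    me = ipaddress.ip_interface("/".join(outside["ip"][1:3]))
    hops = [w[4] for w in top if w[:4] == ["route", "outside", "0.0.0.0", "0.0.0.0"]]
    checks = [
        (int(outside["security-level"][0]) < int(inside["security-level"][0]),
         "outside security-level is not lower than inside"),
        (nat_ids & pool_ids,
         "nat (inside) id has no matching global (outside) id"),
        (any(ipaddress.ip_address(h) in me.network and h != str(me.ip) for h in hops),
         "no default route via a next hop on the outside subnet"),
    ]
    return [msg for ok, msg in checks if not ok]
```

The `global`/`nat` id pairing checked here is the NAT syntax the article uses, which ASA software releases before 8.3 accept; later releases configure NAT differently, so the PAT check applies only to configs in this form.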

Article Source: http://EzineArticles.com/?expert=Harris_Andrea