NGFW IOS to/from ASA IOS

**** Change FP2100 to ASA or back to firepower ****

————————————————————————

— default login

admin
Admin123

****************************************

Step 1 — Change Management interface IP

connect ftd

> configure network ipv4 manual 172.19.112.17 255.255.255.0 172.19.112.1
> write
> Exit

Step 2 — Go to Management interface to see change

connect local-mgmt
local-mgmt # show mgmt-ip-debug

Step 3  — Test to see if you can ping ftp or tftp server you will be using

local-mgmt # ping 172.19.112.20

Use the below command to stop the ping

local-mgmt # ctrl + shift + c
local-mgmt # exit

Step 4 — If ping was good time to download the new image

Makes sure you are out of the local-mgmt # and back to main #

scope firmware

firepower /firmware # download image ftp://username@172.19.112.20/cisco-asa-fp2k.9.12.2.SPA

or

firepower /firmware # download image usbA:cisco-asa-fp2k.9.12.2.SPA

or

firepower /firmware # download image tftp://example.cisco.com/cisco-asa-fp2k.9.12.2.SPA

Step 5 — To check the progress of download

firepower /firmware # show download-task detail

Output

Download task:
    File Name: cisco-asa-fp2k.9.12.2.SPA
    Protocol: Usb A
    Server:
    Port: 0
    Userid:
    Path:
    Downloaded Image Size (KB): 361835
    Time stamp: 2019-11-23T16:25:35.535
    State: Downloaded
    Status: Successful unpack the image
    Transfer Rate (KB/s): 11307.343750

Step 6 — Show the version was downloaded

firepower /firmware #  show package

Name                                          Package-Vers
——————————————— ————
cisco-asa-fp2k.9.12.2.SPA                     9.12.2
cisco-ftd-fp2k.6.3.0-83.SPA                   6.3.0-83

Step 7 — After you checked the downloaded now install the image

firepower /firmware #scope auto-install
firepower /firmware/auto-install # install security-pack version 9.12.2

Output

The system is currently installed with a security software package 6.3.0-83, which has:
   – The platform version: 2.4.1.216
   – The CSP (ftd) version: 6.3.0.83
If you proceed with the upgrade 9.12.2, it will do the following:
   – upgrade to the new platform version 2.6.1.141
   – reimage the system from CSP ftd version 6.3.0.83 to the CSP asa version 9.12.2
During the upgrade, the system will be reboot
Do you want to proceed ? (yes/no):yes

This operation upgrades firmware and software on Security Platform Components
Here is the checklist of things that are recommended before starting Auto-Install
(1) Review current critical/major faults
(2) Initiate a configuration backup

Attention:
   If you proceed the system will be re-imaged. All existing configuration will be lost,
   and the default configuration applied.
Do you want to proceed? (yes/no):yes

Triggered the install of software package version 9.12.2
Install started. This will take several minutes.
For monitoring the upgrade progress, please enter ‘show’ or ‘show detail’ command.

Broadcast message from root@firepower (Sat Nov 23 16:33:50 2019):

The system is going down for reboot NOW!

Threat Defense System: CMD=-stop, CSP-ID=cisco-ftd.6.3.0.83__ftd_001_JMX2343Z02KNE9I0U1, FLAG=”
Cisco FTD stopping …

Note:  The chassis installs the image and reboots.This process, including reloading, can take approximately 30 minutes.

Step 8 – Cisco Firepower will revert back to the default login

firepower-2110 login: admin
Password: Admin123

Step 9 –  Move to the ASA partition

firepower-2110# connect asa


ciscoasa> enable
The enable password is not set.  Please set it now.
Enter  Password: ********
Repeat Password: ********
Note: Save your configuration so that the password persists across reboots
(“write memory” or “copy running-config startup-config”).

ciscoasa# wr
Building configuration…
Cryptochecksum: e5c4b454 8333a803 249fab14 ebac8577

8326 bytes copied in 0.860 secsPlatform does not support appliance mode configuration.

[OK]
ciscoasa#

Powered by BetterDocs

Leave a Reply