Cisco ASA rommon – Error 15: File not found unable to boot an image:
The above error could be occurring on startup because the ASA didn’t have a boot file image, loaded with the wrong boot image or configured to boot from unavailable source. It might also be a hardware issue with the ASA like a bad flash which means you would have to take it with Cisco or a hardware support provider!
The following instructions will walk you through how to configure the ASA in rommon to boot from a TFTP server, load it to normal mode, copy boot image file from TFTP to ASA again, and then re-load it to boot normally.
– We will assign the ASA Ethernet 0/0 IP 10.1.1.200.
– The name of the Cisco ASA Image file that will be uploaded to the ASA through TFTP is asa-k9.bin.
– Connect the ASA ethernet 0/0 and your computer ethernet to the same network switch.
– Download and install a free TFTP server on your computer and put the asa image asa-k9.bin on the root directory of the tftp server. TFTP server is a very simple software that you can google and download one. www.solarwinds.com has one for instance.
– The ASA and computer are connected to the same network. We are going to use Ethernet0/0 of the asa. The IP Address of TFTP Server (your machine) will be 10.1.1.100 (So you need to manually assign your machine the IP Address 10.1.1.100 and Subnet Mask 255.255.255.0 – No need to assign a gateway or a DNS)
Connect your computer through console to ASA, while the firewall is booting and once you are prompted to “Use BREAK or ESC to interrupt boot”, hit escape and that takes you to rommon: (rommon is like Safe Mode in Windows). Start typing the following:
rommon #0> PORT=ETHERNET0/0
Link is UP MAC Address: 0005-9858-df5g-e21d
rommon #1> ADDRESS=10.1.1.200
rommon #2> SERVER=10.1.1.100
rommon #3> GATEWAY=10.1.1.100
rommon #4> IMAGE=asa-k9.bin
rommon #5> tftp
Booting starts automatically…
Go into enable mode with blank password
Go to the Config Mode
ciscoasa# Conf t
You might want to format the flash here. Formatting the flash will erase everything on it including OS images and config files which means you will need to load IOS (as explained below). And after you boot normally, you will need to manually reconfigure the asa unless you have a backup configuration to work with.
ciscoasa(config)# format flash
ciscoasa(config)# wr mem
Assign an IP Address to the firewall, default route and copy image file from TFTP:
ciscoasa(config)# interface ethernet 0/0
ciscoasa(config-if)# ip address 10.1.1.200 255.255.0.0
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# nameif inside
ciscoasa(config-if)# security-level 100
ciscoasa(config)# route outside 0.0.0.0 0.0.0.0 10.1.1.200
ciscoasa(config)# copy tftp: flash:
ciscoasa# write mem
Find out the config register of the ASA, change it to 0x1 to make sure it boots up from flash not TFTP and change boot file name to match the one uploaded to ASA.
ciscoasa# show version
Look toward the end of “show version” and you should see something similar to:
Configuration register is 0x2014
Change Config-Register to 0x1
ciscoasa#(config)> config-register 0x1
ciscoasa#(config)>boot system flash:/asa-k9.bin (if you have different .bin image name, update it here)
Save and reboot.
This will restart the ASA.
If you find this article helpful, please send me a note to Mike@bostonIT.com so I can keep on adding more hands-on knowledgebase articles.