误删Cisco IOS文件恢复
rommon #1> ?Variables: Use "sync" to store in NVRAM
ADDRESS= local IP address
CONFIG= config file path/name
GATEWAY= gateway IP address
IMAGE= image file path/name
LINKTIMEOUT= Link UP timeout (seconds)
PKTTIMEOUT= packet timeout (seconds)
PORT= ethernet interface port
RETRY= Packet Retry Count (Ping/TFTP)
SERVER= server IP address
VLAN= enable/disable DOT1Q tagging on the selected port
rommon #2> ADDRESS=192.168.0.2 (因为是TFFP上传,所以防火墙设置为客户机)
rommon #3> GATEWAY=192.168.0.1 (网关)
rommon #4> IMAGE=asa802-k8.bin (导入IOS的名称)
rommon #5> SERVER=192.168.0.1 (服务器IP,也就是你的PC)
rommon #6> sync (保存)
Updating NVRAM Parameters...
rommon #7> ping 192.168.0.1
Sending 20, 100-byte ICMP Echoes to 192.168.0.1, timeout is 4 seconds:
?!!!!!!!!!!!!!!!!!!!
Success rate is 95 percent (19/20)
确认线路是否连通,开启TFTP软件 (这里说明下我测试是ASA5505 所以接的E0/0口。不知道设备该接什么口可以用set看“PORT=Ethernet0/0”)
rommon #8> tftpdnld (上传)
ROMMON Variable Settings:
ADDRESS=192.168.0.2
SERVER=192.168.0.1
GATEWAY=192.168.0.1
PORT=Ethernet0/0
VLAN=untagged
IMAGE=asa802-k8.bin
CONFIG=
LINKTIMEOUT=20
PKTTIMEOUT=4
RETRY=20
tftp asa802-k8.bin@192.168.0.1 via 192.168.0.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
导入后设备重启,现在有了IOS 能进去
Type help or '?' for a list of available commands.
ciscoasa> en
但现在IOS也没有装入设备,而是从tftp引导启动设备,断开TFTP服务器就会从新进入监控模式。这一点当设备启动完毕后可以用show version命令看到:
System image file is "tftp://192.168.0.1/asa802-k8.bin"
现在需要把IOS存入设备,但是现在防火墙和PC已经不能通信
ciscoasa# ping 192.168.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
No route to host 192.168.0.1
Success rate is 0 percent (0/1)
因为刚才是在监控模式下,现在需要配置让PC和防火墙从新通信(具体型号具体设置,下面已我手上的5505为例)
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 192.168.0.2 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
现在测试
ciscoasa# ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
已经能通信,下面拷贝IOS和ASDM存入设备
ciscoasa# copy tftp://192.168.0.1/asa802-k8.bin disk0:/asa802-k8.bin
Address or name of remote host ?
Source filename ?
Destination filename ?
Accessing tftp://192.168.0.1/asa802-k8.bin. ... !!!!!!!!!!!!!!!!!!!
因为删除的是flash 现在还需要导入ASDM (注意ASDM和IOS的兼容,不兼容如下图)
进行ciscoasa# copy tftp://192.168.0.1/asa802-k8.bin disk0:/asa802-k8.bin一直报错。
ciscoasa# show flash:
Initializing disk0: cache, please wait...Failed (Invalid DOS media or no media in slot error).
%Error show flash: (Failed to initialize the Inode table)
ciscoasa# dir disk0:
%Error opening disk0:/ (Invalid DOS media or no media in slot)
ciscoasa# fsck flash:
Initializing disk0: cache, please wait...Failed (Invalid DOS media or no media in slot error).
Internal error, inode table initialization for flash: failed with error Invalid DOS media or no media in slot
%Error checking flash: (Invalid DOS media or no media in slot)
WARNING: Restoring security context mode failed.
最后使用ciscoasa# format flash: 命令后正常。
ciscoasa# copy tftp://192.168.0.1/asdm-602.bin disk0://asdm-602.bin
Address or name of remote host ?
Source filename ?
Destination filename ?
Accessing tftp://192.168.0.1/asdm-602.bin.. ... !!!!!!!!!!!!!!!!!!!
现在可以看见IOS以后在设备上
ciscoasa# show version
Cisco Adaptive Security Appliance Software Version 8.2(1)
Compiled on Tue 05-May-09 22:45 by builders
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"
ciscoasa# show flash:
--#-- --length-- -----date/time------ path
3 4096 Aug 26 2009 17:41:50 log
10 4096 Aug 26 2009 17:41:56 crypto_archive
11 4096 Aug 26 2009 17:59:06 coredumpinfo
12 43 Aug 27 2009 09:13:02 coredumpinfo/coredump.cfg
78 16275456 Aug 26 2009 18:07:50 asa802-k8.bin
80 7598456 Aug 27 2009 09:05:54 asdm-602.bin
设置启动文件
ciscoasa (config)# boot system disk0:/asa802-k8.bin 设置IOS
ciscoasa (config)# asdm image disk0:/asdm602.bin 设置ASDM
ciscoasa (config)#>
页:
[1]