Guest

Cisco ASA 5500-X Series Next-Generation Firewalls

Field Notice: FN - 62832 - Power-On Failure on Some ASA5505 Adaptive Security Appliance Systems


Revised September 12, 2008
August 10, 2007


NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

   
Revision Date Comment
1.2 12-SEP-2008 Removed Upgrade Form and references to the form, updated Workaround/Solution section accordingly.
1.1 12-OCT-2007 Updated link to Validation Tool
1.0 10-AUG-2007 Initial Public Release

Products Affected

Products Affected Comments
ASA5505-50-BUN-K8
ASA 5505 Appliance with SW, 50 Users, 8 ports, DES
ASA5505-50-BUN-K9
ASA 5505 Appliance with SW, 50 Users, 8 ports, 3DES/AES
ASA5505-BUN-K9
ASA 5505 Appliance with SW, 10 Users, 8 ports, 3DES/AES
ASA5505-K8
ASA 5505 Appliance with SW, 10 Users, 8 ports, DES
ASA5505-SEC-BUN-K8
ASA 5505 Sec Plus Appliance with SW, UL Users, HA, DES
ASA5505-SEC-BUN-K9
ASA 5505 Sec Plus Appliance with SW, UL Users, HA, 3DES/AES
ASA5505-SSL10-K8
ASA 5505 VPN Edition w/ 10 SSL Users, 50 Firewall Users, DES
ASA5505-SSL10-K9
ASA 5505 VPN Edition w/ 10 SSL Users, 50 FW Users, 3DES/AES
ASA5505-SSL25-K8
ASA 5505 VPN Edition w/ 25 SSL Users, 50 Firewall Users, DES
ASA5505-SSL25-K9
ASA 5505 VPN Edition w/ 25 SSL Users, 50 FW Users, 3DES/AES
ASA5505-UL-BUN-K8
ASA 5505 Appliance with SW, UL Users, 8 ports, DES
ASA5505-UL-BUN-K9
ASA 5505 Appliance with SW, UL Users, 8 ports, 3DES/AES

Problem Description

Cisco has identified an issue where some Cisco ASA 5505 units fail to power on after a powercycle or during normal operations. When the failure occurs, the units become unresponsive and are unable to recover from the failure. A majority of Cisco ASA 5505 units do not exhibit this problem. The ones that do exhibit this problem have been seen to do so from within the first 30 days of installation.

Background

A higher than normal failure rate was observed on a single component from one supplier. Cisco stopped using the component from this supplier as soon as the problem was identified. This component is sourced from multiple suppliers and therefore majority of Cisco ASA 5505 units are not affected by this problem.

Problem Symptoms

When this problem occurs, there is no console connection, LED or any other electronic activity.
The unit becomes completely unresponsive.

Workaround/Solution

Cisco recommends a fix-on-fail strategy for this problem.

As of approximately June 01, 2007, new products that were manufactured under Engineering Change Order (ECO) E088917 are guaranteed to be free of this problem. Refer to How to Identify Hardware Levels below for instructions on how to view the version of in-service product.

Customers should first verify if their ASA5505(s) are affected by this problem. The Serial Number Validation Tool under the How to Identify the Hardware Levels section of this field notice can be used to verify if your ASA 5505(s) are affected.

If your Cisco ASA5505(s) are affected, Service Logistics has known-good inventory at this time. The standard RMA process and delivery times are in effect.

Use the linked Serial Number Validation Tool to verify if your ASA 5505(s) are affected.

Note: Products that fall outside the affected serial number range are not affected.

How To Identify Hardware Levels

The serial number (SN) of the Cisco ASA 5505 can be found on the bottom of the unit or via the show version command. Valid unit serial numbers start with either "888" or "JMX". If your serial number begins with "888," your unit is not affected. If your serial number begins with "JMX", but the next four digits of the SN is less than 1101 or greater than 1112 - for example, JMX1050xxxx or JMX1115xxxx - then your unit is not affected. If these four digits are any number between 1101 and 1112 inclusive, please use the Serial Number Validation Tool to further determine whether your unit is affected.
In addition, please note that we have observed Cisco ASA 5505 units that exhibit this problem do so within the first 30 days of installation. If you have not experienced any failures, it may not be neccessary to replace your units.

Please use the following tool to validate your serial number(s).
Cisco ASA 5505 Power-On Failure Serial Number Validation Tool

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.