
Cisco ASA 5500-X Series Next-Generation Firewalls

Field Notice: FN - 63521 - ASA5500-X Appliance - Units shipped without default configuration - Special commands required


September 14, 2012


NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision  Date         Comment
1.0       14-SEP-2012  Initial Public Release

Products Affected

5545 - ASA5545-CU-2AC-K9
5545 - ASA5545-IPS-K8
5545 - ASA5545-IPS-K9
5545 - ASA5545-K7
5545 - ASA5545-K8
5545 - ASA5545-K9
5555 - ASA5555-CU-2AC-K9
5555 - ASA5555-IPS-K8
5555 - ASA5555-IPS-K9
5555 - ASA5555-K7
5555 - ASA5555-K8
5555 - ASA5555-K9
5512 - ASA5512-IPS-K8
5512 - ASA5512-IPS-K9
5512 - ASA5512-K7
5512 - ASA5512-K8
5512 - ASA5512-K9
5515 - ASA5515-IPS-K8
5515 - ASA5515-IPS-K9
5515 - ASA5515-K7
5515 - ASA5515-K8
5515 - ASA5515-K9
5525 - ASA5525-CU-K9
5525 - ASA5525-IPS-K8
5525 - ASA5525-IPS-K9
5525 - ASA5525-K7
5525 - ASA5525-K8
5525 - ASA5525-K9

Problem Description

ASA 5500-X security appliances that shipped from March 16, 2012 through June 11, 2012 contain the incorrect factory default configuration. This requires the user to follow special procedures for system initialization.

Background

The ASA 5500-X appliances shipped from March 16, 2012 through June 11, 2012 were not loaded with the correct factory default configuration and must be initialized using special commands. The procedures contained in the Quick Start Guide are insufficient to properly initialize the affected units.

Problem Symptoms

Users who attempt to initialize an affected ASA 5500-X appliance using the Quick Start Guide will observe that the management 0/0 port is in the down/down state. In addition, ASDM for on-box management is not accessible.

Workaround/Solution

The factory default configuration can be applied using the following command:

asa# config factory-default

Note that the ASA 5515-X appliance does not support the command above due to Cisco bug ID CSCtz73669. The unit must be restored to the factory default configuration using the command series shown below.

asa# config t
clear config all
!
interface management0/0
nameif management
ip address 192.168.1.1 255.255.255.0
security-level 100
no shutdown
!
http server enable
http 192.168.1.0 255.255.255.0 management
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
logging asdm informational

How To Identify Hardware Levels

All ASA 5500-X security appliances that shipped from March 16, 2012 through June 11, 2012 are affected.

The chassis serial number can be obtained by using either the CLI or through visual inspection of the ASA 5500-X appliance as shown below.

1) Using the Command Line Interface (CLI) - For appliances running ASA 8.6.1.2 and later, obtain the chassis serial number of the appliance using the show inventory command:

asa# show inventory
Name: "Chassis", DESCR: "ASA5525-X with SW, 8 GE Data, 1 GE Mgmt, AC"
PID: ASA5525 , VID: V01 , SN:FTX1234ABCD

2) Visual inspection of the ASA 5500-X appliance - The chassis serial number label is located on the rear of the appliance. This method must be used if the unit is running ASA 8.6.1.1. The chassis serial number may also be referenced on the sales order documentation.


Please use the following link to validate your ASA 5500-X appliance serial number(s).

Cisco Serial Number Validation Tool
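
The model check and the post-restore verification implied by this notice, as an added Python example that is not part of the Cisco notice: it reads the chassis PID and serial from show inventory output, selects the restore method the notice gives for that model, and lists which baseline lines are missing from a saved running-config. The PID string ASA5515, the one-space indentation of interface subcommands in the running-config, and the constructed running-config excerpt are assumptions.

```python
import re

# Model families listed under "Products Affected" in this notice.
AFFECTED = {"ASA5512", "ASA5515", "ASA5525", "ASA5545", "ASA5555"}
# Global-scope lines from the notice's manual command series.
BASELINE_GLOBAL = ["http server enable", "http 192.168.1.0 255.255.255.0 management",
                   "dhcpd address 192.168.1.2-192.168.1.254 management",
                   "dhcpd enable management", "logging asdm informational"]
# Lines the notice places under "interface management0/0".
BASELINE_MGMT = ["nameif management", "ip address 192.168.1.1 255.255.255.0",
                 "security-level 100"]

def parse_chassis(inventory):
    """Return (PID, serial) of the Chassis entry in 'show inventory' output, or None."""
    m = re.search(r'Name:\s*"Chassis"[^\n]*\n\s*PID:\s*(\S+)\s*,\s*VID:\s*\S+\s*,\s*SN:\s*(\S+)',
                  inventory)
    return (m.group(1), m.group(2)) if m else None

def restore_procedure(pid):
    """Pick the restore method the notice gives for this model family."""
    if pid not in AFFECTED:
        return "not listed in notice"
    # The notice says the ASA 5515-X cannot use config factory-default (CSCtz73669).
    return "manual command series" if pid == "ASA5515" else "config factory-default"

def missing_baseline(running_config):
    """List baseline lines absent from a saved running-config ([] means all present)."""
    top, mgmt, in_mgmt = set(), set(), False
    for raw in running_config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0] != " ":  # an unindented line starts a new top-level scope
            in_mgmt = line.lower() == "interface management0/0"
            top.add(line)
        elif in_mgmt:
            mgmt.add(line)
    missing = [l for l in BASELINE_GLOBAL if l not in top]
    missing += ["management0/0: " + l for l in BASELINE_MGMT if l not in mgmt]
    if not mgmt or "shutdown" in mgmt:  # port absent or administratively down
        missing.append("management0/0: no shutdown")
    return missing

# 'show inventory' sample from the notice; the running-config excerpt is constructed.
INVENTORY = 'Name: "Chassis", DESCR: "ASA5525-X with SW, 8 GE Data, 1 GE Mgmt, AC"\nPID: ASA5525 , VID: V01 , SN:FTX1234ABCD\n'
UNINITIALIZED = "interface Management0/0\n shutdown\n no nameif\n no security-level\n no ip address\n!\n"

if __name__ == "__main__":
    pid, serial = parse_chassis(INVENTORY)
    print(serial, restore_procedure(pid), missing_baseline(UNINITIALIZED))
```

The serial number alone does not reveal the ship date, so whether a unit falls in the affected window still has to be confirmed with the validation tool referenced above.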

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
