Cisco ASA5505

• Firmware upgrade
• Backup and restore configuration using Trivial File Transfer Protocol (TFTP)
• Backup and restore configuration using Secure SHell (SSH)

Firmware upgrade

Login into ASA (SSH or serial port)

Provide 'enable' password

enable

Prepare files on TFTP server.

ping 192.168.74.128
copy tftp: disk0:
dir

Perform change of booting image

show version
configure terminal
dir

show bootvar
no boot system disk0:/asa845-k8.bin
boot system disk0:/asa917-32-k8.bin

exit
write memory
show run | include boot
show bootvar

reload

show version

Backup and restore configuration using Trivial File Transfer Protocol (TFTP)

Run tftp server (pumkin on tftpd)

Ensure tftp server is listening

ping 192.168.74.129

Backup (from ASA)

copy running-config tftp://192.168.74.129

On the server side:

Rename config.

Restore (to ASA)

• ensure the correct name of config exists before pulling it from target.
• configuration will be applied immedeately (otherwise, use 'startup-config' as a destination file)

copy tftp://192.168.74.129/running-config.2025-09-20.2040.working running-config

Login and overwrite startup config, reboot if needed.

wr m
reload

Backup and restore configuration using Secure SHell (SSH)

scp must be enabled

enable
conf t
ssh enable scopy

dump running-config into file

copy running-config flash:/running-config
dir

SSH weak algorithms and ciphers need to be enabled

vi ~/.ssh/config

config

Host 192.168.74.1
    KexAlgorithms +diffie-hellman-group14-sha1
    HostKeyAlgorithms +ssh-rsa
    Ciphers +aes256-cbc

Pull config (-O tells to use legacy SCP protocol instead of SFTP)

scp -O r00t@192.168.74.1:running-config .
ls -la

Rename config for archive

TODO

Restore

Push config

TODO