# Cisco ASA5505



# Debug commands

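IPsec and IKE debugging. The first group turns the debugs on at level 127; the `no` forms turn them off again.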
```cisco
debug crypto ipsec 127
debug crypto ike-common 127
debug crypto isakmp 127
debug crypto ikev1 127
debug crypto ikev2 protocol 127

no debug crypto ipsec
no debug crypto ike-common
no debug crypto isakmp
no debug crypto ikev1
no debug crypto ikev2 protocol
```

# Firmware upgrade

Log in to the ASA (SSH or serial port).

Provide the 'enable' password.
```cisco
enable
```

Place the new image on the TFTP server, check that the server is reachable, then copy the image to the ASA's flash (`disk0:`).
```cisco
ping 192.168.74.128
copy tftp: disk0:
dir
```

Change the boot image.
```cisco
show version
configure terminal
dir

show bootvar
no boot system disk0:/asa845-k8.bin
boot system disk0:/asa917-32-k8.bin

exit
write memory
show run | include boot
show bootvar

reload

show version
```

# Backup and restore configuration using Trivial File Transfer Protocol (TFTP)

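Run a TFTP server (PumpKIN on tftpd).

Ensure the TFTP server is running and reachable (ping only confirms that the host answers, not that the TFTP service is listening).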
```bash
ping 192.168.74.129
```

# Backup (from ASA)


[![](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-11/scaled-1680-/RzkPa5uYKZNZGuQf-image-1763801956906.png)](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-11/RzkPa5uYKZNZGuQf-image-1763801956906.png)

```cisco
copy running-config tftp://192.168.74.129
```
[![](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-11/scaled-1680-/yjG7OhLn7OMk1SxQ-image-1763802041738.png)](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-11/yjG7OhLn7OMk1SxQ-image-1763802041738.png)

On the server side:

[![](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-11/scaled-1680-/9gWaxiQFyIb87dcM-image-1763802257073-1207.PNG)](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-11/9gWaxiQFyIb87dcM-image-1763802257073-1207.PNG)

Rename config.

[![](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-11/scaled-1680-/vge6nnSbCSbBdgdu-image-1763802558260-1212.PNG)](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-11/vge6nnSbCSbBdgdu-image-1763802558260-1212.PNG)


# Restore (to ASA)

- Make sure a config file with the correct name exists on the TFTP server before pulling it.
- The configuration is applied immediately (it is merged into the running configuration); otherwise, use `startup-config` as the destination file.

```cisco
copy tftp://192.168.74.129/running-config.2025-09-20.2040.working running-config
```
[![](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-11/scaled-1680-/pCGOabp4d7SAixFs-image-1763802714006.png)](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-11/pCGOabp4d7SAixFs-image-1763802714006.png)

Log in and overwrite the startup config; reboot if needed.
```cisco
wr m
reload
```

# Backup and restore configuration using Secure Shell (SSH)

SCP must be enabled on the ASA.
```cisco
enable
conf t
ssh scopy enable
```

Dump the running-config into a file on flash.
```cisco
copy running-config flash:/running-config
dir
```


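The weak SSH algorithms and ciphers that the ASA needs have to be enabled on the client. Put them in a `Host` block for the ASA's address so they are not enabled for any other connection.
```bash
vi ~/.ssh/config
```
`~/.ssh/config`: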
```
Host 192.168.74.1
    KexAlgorithms +diffie-hellman-group14-sha1
    HostKeyAlgorithms +ssh-rsa
    Ciphers +aes256-cbc
```

Pull the config (`-O` tells scp to use the legacy SCP protocol instead of SFTP).
```bash
scp -O r00t@192.168.74.1:running-config .
ls -la
```

[![](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-11/scaled-1680-/njY5lr1iryC9YpWQ-image-1763826777428.png)](https://storage.googleapis.com/iau-data-dox/uploads/images/gallery/2025-11/njY5lr1iryC9YpWQ-image-1763826777428.png)

Rename config for archive
```bash
TODO
```
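
One way to do the archive step, as an added example (not from the original page): it renames the pulled file to the `running-config.<date>.<time>.<label>` pattern used in the TFTP restore command above, after checking that the transfer was complete. The function name and its `LABEL`, `DEST_DIR` and `STAMP` parameters are hypothetical, and the `ASA Version` / `: end` markers are assumed to be present in the dump.

```bash
#!/bin/sh
# Added example: archive a pulled ASA running-config under the naming
# pattern running-config.<YYYY-MM-DD>.<HHMM>[.<label>].
# Usage: archive_asa_config SRC [LABEL] [DEST_DIR] [STAMP]
#   LABEL, DEST_DIR and STAMP are hypothetical parameters of this helper;
#   STAMP defaults to the current local time.
archive_asa_config() {
    src=$1
    label=${2:-}
    dest_dir=${3:-.}
    stamp=${4:-$(date +%Y-%m-%d.%H%M)}

    [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 1; }

    # Assumption: an ASA config dump contains an "ASA Version" line and its
    # last non-blank line is ": end". A transfer cut short lacks the trailer.
    grep -q '^ASA Version ' "$src" ||
        { echo "not an ASA config: $src" >&2; return 1; }
    last=$(tr -d '\r' < "$src" | grep -v '^[[:space:]]*$' | tail -n 1)
    [ "$last" = ": end" ] ||
        { echo "truncated (no ': end' trailer): $src" >&2; return 1; }

    dest="$dest_dir/running-config.$stamp${label:+.$label}"
    [ ! -e "$dest" ] || { echo "refusing to overwrite $dest" >&2; return 1; }

    # The config carries credential material (password hashes, VPN
    # settings), so the archived copy is made owner-only.
    mv -- "$src" "$dest" && chmod 600 "$dest" || return 1

    # Record a digest so the copy can be checked before a later restore.
    if command -v sha256sum >/dev/null 2>&1; then
        (cd "$dest_dir" && sha256sum "${dest##*/}" > "${dest##*/}.sha256")
    else
        (cd "$dest_dir" && shasum -a 256 "${dest##*/}" > "${dest##*/}.sha256")
    fi || return 1
    printf '%s\n' "$dest"
}
```

For example, `archive_asa_config running-config working` leaves `running-config.<date>.<time>.working` plus a `.sha256` file in the current directory.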

# Restore

Push config 

```bash
TODO
```