Skip to main content

 

 

Cisco Defense Orchestrator

Custom URL Upgrade

When you upgrade your ASA with new ASA software and ASDM images, you can either use images that Cisco Defense Orchestrator (CDO) stores in its image repository or you can use images that you store in your own image repository. If your ASA does not have outbound access to the internet, maintaining your own image repository is the best option for upgrading your ASAs using CDO. 

CDO uses ASA's copy command to retrieve the image and copy it to the flash drive (disk0:/) of your ASA. In the Specify Image URL field you are providing the URL portion of the copy command.  For example, if the whole copy command would have been:

ciscoasa# copy ftp://admin:adminpass@10.10.10.10/asa991-smp-k8.bin disk:/0

 You are providing:

ftp://admin:adminpass@10.10.10.10/asa991-smp-k8.bin  

in the Specify Image URL field.

CDO supports http, https, ftp, tftp, smb, and scp methods of retrieving the upgrade image.

URL Syntax examples

Here are examples of URL syntax for the ASA copy command. For the sake of these URL examples, assume the following:

  • Image repository address: 10.10.10.10
  • Username to access the image repository: admin
  • Password: adminpass
  • Path: images/asa
  • Image filename: asa991-smp-k8.bin

http[s]:// [[ user [ : password ] @ ] server [ : port ] / [ path / ] filename ]

https://admin:adminpass@10.10.10.10:8080/images/asa/asa991-smp-k8.bin
HTTP[s] example without a username and password:
https://10.10.10.10:8080/images/asa/asa991-smp-k8.bin

ftp:// [[ user [ : password ] @ ] server [: port ] / [ path / ] filename [ ;type= xx ]]—The type can be one of these keywords: ap (ASCII passive mode), an (ASCII normal mode), ip(Default—Binary passive mode), in (Binary normal mode).

ftp://admin:adminpass@10.10.10.10:20/images/asa/asa991-smp-k8.bin
FTP example without a username and password:
ftp://10.10.10.10:20/images/asa/asa991-smp-k8.bin

tftp:// [[ user [ : password ] @ ] server [ : port ] / [ path / ] filename [ ;int= interface_name ]]

tftp://admin:adminpass@10.10.10.10/images/asa/asa991-smp-k8.bin outside
TFTP example without a username and password:
tftp://10.10.10.10/images/asa/asa991-smp-k8.bin outside

Note: The pathname cannot contain spaces. If a pathname has spaces, set the path in the tftp-server command instead of in the copy tftp command. The ;int= interface option bypasses the route lookup and always uses the specified interface to reach the TFTP server.

smb:/[[ path / ] filename ] - Indicates a UNIX server local file system. 

smb:/images/asa/asa991-smp-k8.bin

scp:// [[ user [ : password ] @ ] server [ / path ] / filename [ ;int= interface_name ]]—The;int= interface option bypasses the route lookup and always uses the specified interface to reach the Secure Copy (SCP) server.

scp://admin:adminpass@10.10.10.10:8080/images/asa/asa991-smp-k8.bin outside 
SCP example without a username and password:
scp://10.10.10.10:8080/images/asa/asa991-smp-k8.bin outside 

The complete copy command with URL syntax in the Cisco ASA Series Command Reference, A - H Commands guide. 

See ASA and ASDM Upgrade Prerequisites for more information about upgrading ASA and ASDM images using a custom URL.