Something is killing a number of Cisco ASAs (Adaptive Security Appliances) after 18 months, specifically ASA5508 and ASA5516 - it’s faulty register in some of them. Today we share the news behind the failure as well as an alternative to keep your system up and running at full capacity. We've also outlined two options for mitigating your faulty Cisco kit.
As detailed by The Register, the organization has discharged a field notice with the title “Field Notice: FN - 70476 - ASA5508 and ASA5516 Security Appliances Might Fail After 18 Months or Longer Due to a Damaged Component - Hardware Upgrade Required” in which it says that models ASA5508 and ASA5516 "may fail in Operation, following a year and a half or more, because of a harmed component in it."
Basically, the gadgets and the affected units were manufactured between 05-18-2017 and 08-25-2017 in which they experienced an assembling procedure issue that has prompted some of them to have a harmed resistor. The Cisco Advisory team addresses this, giving more subtleties on the issue;
"Security Appliances with a faulty resistor will work regularly on the installation and it disappointments are relied upon to increment over a long time starting after the unit has been in activity for around 18 months. When the security appliance has malfunctioned, the unit will not work anymore, won't boot, and isn't recoverable."
The Bugs Id in the Cisco database for this is mentioned below;
| Defect ID | Headline |
| CSCvt82285 |
ASA5508 and ASA5516 Might Fail After 18 Months or Longer Due to a Damaged Component |
So how you can find out that this is the problem with your model via symptoms?
Unfortunately, there is no workaround for the faulty appliance. Instead, the following is suggested:
This field notice gives the capacity to distinguish if the Serial number(s) of an appliance is affected by this issue. To check if your item is conceivably influenced by this issue, inspect the chassis serial number of the security appliance.
The chassis serial number can be acquired from the CLI or through a visual review of the security appliance. For units that are faulty because of this issue, a visual investigation of the security appliance or audit of the Sales Order documentation is required.
In the CLI of the ASA you just need to enter the command “show inventory”
The output will be as such:
asa> show inventory
Name: "Chassis", DESCR: "ASA 5508-X with FirePOWER services, 8GE, AC, DES"
PID: ASA5508 , VID: V01 , SN: JMXXXXXXXXD
Note The show version command should not be used in order to avoid Cisco bug ID CSCtz56314 (ASA5500-X Chassis Serial Number Not Visible from CLI).
The serial number information is located on the bottom surface of the appliance.
In order to verify your serial number(s), enter it in the Serial Number Validation Tool.
A separate Form must be filled out for each unique Ship to Address.
A unique Upgrade Order Reference Number will accommodate each Form submission and can be utilized to ask about request status.
Please enter one or more valid Serial Numbers into the Form.
You will receive an acknowledgement email immediately after submitting the Form with a Request #. Depending on material availability, both you AND the Customer email address will receive a confirmation email with Order# in 7 to 10 days. UMPIRE orders are proactive replacements and do NOT adhere to normal SLAs or Service Contracts.
NOTE: If your Ship to Address is in the accompanying countries, it would be ideal if you expect deferrals of as long as 3 months relying upon importation guidelines: Argentina, Brazil, Columbia, Mexico, Venezuela, India, All countries in Asia (for example Singapore, Malaysia, Hong Kong, China, Vietnam, Korea, Thailand, Philippines), and all non-EU countries (ie: UAE, Russia, Turkey). You will get your Order# around then. Much thanks to you for your understanding as this procedure is valuable for the client; it will spare them the expense of tank/obligation in these nations (which is exceptionally high).
On the off chance that you were provided a Sales Order Number for the shipment of your new parts, if you don't mind allude to the SO Status Tool (Please note: you should have a CCO User ID and Password to get to this site):
https://cisco-apps.cisco.com/cisco/psn/business
If you were given an RMA Number for the shipment of your replacement parts, please refer to the "Service Order QuickSearch" Tool at the following location (Please note: you must have a CCO User ID and Password to access this site):
http://tools.cisco.com/support/serviceordertool/home.svo
In the event that you have not gotten an email with an Order# following 10 days, please send an email with your Request#(s) and Customer in the Subject line to: umpire-escalations@cisco.com
The upgrade form is for the replacement is below:
Note: Fields marked with an asterisk (*) are required fields.
| Requester Information | |
|
*Name |
|
| *E-mail Address | |
| TAC SR Number | |
| Customer Shipping Information | |
| *Company | |
| *Address | |
| Address_line2 | |
| *City | |
| *State/Providence | |
| *ZIP/Postal Code | |
| *Country | |
| Product | Affected Product | *Quantity | *Serial#(2) | Replacement PID |
| ASA5508-FTD-K9 | ASA5508-K9 | |||
| ASA5508-K9 | ASA5508-K9 | |||
| ASA5508-K8 | ASA5508-K8 | |||
| ASA5516-FPWR-K9 | ASA5516-FPWR-K9 | |||
| ASA5516-FTD-K9 | ASA5516-FPWR-K9 | |||
| ASA5516-FPWR-K8 | ASA5516-FPWR-K8 |
| Customer Contact Information | |
| *First Name | |
| *Last Name | |
| *Phone(1) | Ext. |
| Fax(1) | Ext. |
| Upgrade Order Reference Number | Please provide a number that you can use when inquiring about order status |
| Notes | |
1 For phone and fax, include 011 and the country code outside North America.
2 The serial number input field for each Product ID can hold up to 4,000 characters, including commas and white space. For longer lists of serial numbers, please submit additional requests.
3 For customers in Japan only, please enter the building and the floor in the address field. Also, enter the contact person's name, the telephone number and the e-mail address in the appropriate fields.