Using the ROMMON to load a new image on Cisco ASA Firewall
If for any reason the software image on your Cisco ASA appliance is corrupted and the device does not boot to normal operating mode, then you can load a new image using ROMMON (ROM monitor mode) and TFTP. Follow the steps below to get into ROMMON mode and then assign all necessary settings for uploading the new image file:
Step1: Connect to the ASA firewall using a console cable.
Step2: Power off the appliance and then power it on.
Step3: When the appliance starts, press the Escape key on your keyboard to force the appliance to enter ROMMON mode.
Step4: In ROMMON mode, configure all necessary settings for connecting to the TFTP server to load the new image. You need to connect a PC with TFTP server on a firewall port (e.g Ethernet0/0). Then enter the following commands on the ASA.
rommon #1> ADDRESS=192.168.1.10
rommon #2> SERVER=192.168.1.1
rommon #3> GATEWAY=192.168.1.1
rommon #4> IMAGE=asa800-232-k8.bin
rommon #5> PORT=Ethernet0/0
The above configuration will assign an IP address of 192.168.1.10 to interface Ethernet0/0 of the firewall appliance. It will also tell the firewall that the TFTP SERVER is at address 192.168.1.1 and the image to load is asa800-232-k8.bin
Step5: Execute the TFTP upload from the ASA using:
rommon #6> tftp
The above instructs the firewall to start uploading the image file from TFTP.
After the firewall reboots, login and check that the new image has been installed (show version)
Tagged with: asa rommon • asa tftp image • how to load new image using rommon
Filed under: Cisco ASA General
Like this post? Subscribe to my RSS feed and get loads more!
Thank you for your time writing this guide, it was very helpful. It works perfectly on my ASA5505.
James
Hello James,
Thanks for your feedback. I’m glad the guide was helpful to you.
Harris
Tried this but Ethernet0/0 link is down. Do you know how I can bring it up?
Which ASA model are you using? If its a higher end model (5520 and up) then the interface is Gigabitethernet and not Ethernet, so you need to specify the correct interface name in ROMMON
It’s the 5510. the commands work but the ethernet0/0 link is down.
Hello Alan,
Connect your PC with the TFTP server on a different Ethernet port (e.g Ethernet0/1) and use that in the ROMMON command.
My bad, I didn’t have the ip for my pc set correctly. This worked great. Thanks from us that are just learning and shoot ourselves in the foot.
Thnx Man, That helped a lot!!!!
thinx
ok where i find the image to download
You must have a contract with Cisco or from a reseller in order to be able to download the image
hi admin.i did what you wrote above.but after i boots normally but after i reboot again it tries to boot from tftp server.i want it to boot from disk0.how can do it?
i used the command copt tftp flash
but it shows following
ciscoasa# copy tftp flash
Address or name of remote host []? 192.168.1.1
Source filename []? asa804-23-k8.bin
Destination filename [asa804-23-k8.bin]?
Accessing tftp://192.168.1.1/asa804-23-k8.bin…
%Error opening tftp://192.168.1.1/asa804-23-k8.bin (No such device)
can any one help me?
shaig,
try the following command which tells the asa firewall to boot from the flash image:
ASA(config)#boot system flash:/asa804-23-k8.bin
Hi Admin,
I did all this and is still takes me back to rommon (asa5520)
ciscoasa# config t
ciscoasa(config)# boot system flash:/asa821-k8.bin
INFO: Converting flash:/asa821-k8.bin to disk0:/asa821-k8.bin
ciscoasa(config)#
ciscoasa# sho boot
BOOT variable = disk0:/asa821-k8.bin
Current BOOT variable = disk0:/asa821-k8.bin
CONFIG_FILE variable =
Current CONFIG_FILE variable =
ciscoasa# wr me
Building configuration…
Cryptochecksum: 6fe15315 a9d7c5a3 b9902e2e a43ee691
1653 bytes copied in 3.330 secs (551 bytes/sec)
[OK]
ciscoasa#
ciscoasa# dir disk0:
Directory of disk0:/
16 -rwx 16275456 12:45:54 Mar 04 2011 asa821-k8.bin
17 -rwx 14240396 12:46:48 Mar 04 2011 asdm-631(asa).bin
10 drwx 2048 12:46:58 Mar 04 2011 coredumpinfo
2 drwx 2048 13:04:20 Mar 04 2011 log
9 drwx 2048 13:04:28 Mar 04 2011 crypto_archive
63035392 bytes total (32485376 bytes free)
ciscoasa#reload
{twiddle fingers}
04 02 00 8086 1209 Ethernet 11
04 03 00 8086 1209 Ethernet 5
Evaluating BIOS Options …
Launch BIOS Extension to setup ROMMON
Cisco Systems ROMMON Version (1.0(10)0) #0: Fri Mar 25 23:02:10 PST 2005
Platform ASA5520
Management0/0
Ethernet auto negotiation timed out.
Interface-4 Link Not Established (check cable).
Default Interface number-4 Not Up
Use ? for help.
rommon #0> boot
Launching BootLoader…
Default configuration file contains 1 entry.
Searching / for images to boot.
No images in /
Error 15: File not found
unable to boot an image
Looks like you have either a corrupted image or you have stored the image in a different location in flash
I had the same problem, the way i fixed is by changing the config register to xxxf so the las byte had to be f so that it used the boot config to boot up.
Please help!
Use ? for help.
rommon #0> ADDRESS=192.168.1.20
rommon #1> SERVER=192.168.1.10
rommon #2> GATEWAY=192.168.1.1
rommon #3> IMAGE=asa825-k8.bin
rommon #4> PORT=Ethernet0/0
Ethernet0/0
i2c_write_byte_w_wait() error, slot = 0×0, device = 0×64, address = 128 byte count = 1. Reason: I2C_UNPOPULATED_ERROR
esw_reg_read: i2c_write_byte_w_wait(0) returned 0×6
Ethernet port 0 could not be initialized.
The problem could be related to two things:
1) change the port to Ethernet0/1 and connect the tftp server to that port.
2) maybe the ASA image file is corrupted.
How about to backup image using rommon?
Instructions to restore image lacking in information Do you have to type the = to get this to work?
Yes you have to use the “=” sign in order to enter the required information in the parameters
Can someone help me I have erased the Disk0: now i am trying to upload new image i getting the following error.
Received 16459776 bytes
Launching TFTP Image…
Cisco Security Appliance admin loader (3.0) #0: Mon Jan 11 14:23:33 MST 2010
Platform ASA5520
Loading…
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
open /dev/hda1:No such device or address
dosfsck(/dev/hda1) returned 1
mount: mounting /dev/hda1 on /mnt/disk0 failed: No such device or address
mount: mounting /dev/hda1 on /mnt/disk0 failed: No such device or address
Set ‘tap0′ persistent and owned by uid 0
IO memory 85360640 bytes
Processor memory 344436736, Reserved memory: 62914560 (DSOs: 0 + kernel: 62914560)
Total SSMs found: 0
Total NICs found: 7
mcwa i82557 Ethernet at irq 11 MAC: 001f.ca09.24b7
mcwa i82557 Ethernet at irq 5 MAC: 0000.0001.0001
Internal error. Crash dump information may not be read or written to flash
i82547GI rev00 Gigabit Ethernet @ irq11 dev 1 index 05 MAC: 0000.0001.0002
i82546GB rev03 Gigabit Ethernet @ irq09 dev 2 index 03 MAC: 001f.ca09.24bb
i82546GB rev03 Gigabit Ethernet @ irq09 dev 2 index 02 MAC: 001f.ca09.24ba
i82546GB rev03 Gigabit Ethernet @ irq09 dev 3 index 01 MAC: 001f.ca09.24b9
i82546GB rev03 Gigabit Ethernet @ irq09 dev 3 index 00 MAC: 001f.ca09.24b8
INFO: Unable to read firewall mode from flash
Writing defa
My device always show rommon0 on reboot.
I can get the bin file to the flash via tftpdnld,but when I try to save to disk on the ASA, i get the following error:
ciscoasa(config)# boot system flash:/asa843-k8.bin
“INFO: Converting flash:/asa843-k8.bin to disk0:/asa843-k8.bin
WARNING: BOOT variable added, but unable to find disk0:/asa843-k8.bin”
DIR disk0 shows:
ciscoasa(config)# dir
Directory of disk0:/
2 drwx 2048 20:40:23 Feb 17 2012 log
5 drwx 2048 20:40:39 Feb 17 2012 crypto_archive
10 drwx 2048 20:40:41 Feb 17 2012 coredumpinfo
12 -rwx 196 20:40:42 Feb 17 2012 upgrade_startup_errors_201202172040.log
127004672 bytes total (126976000 bytes free)
Here is the show run also:
interface Ethernet0/0
shutdown
!
interface Ethernet0/1
shutdown
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
shutdown
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
interface Vlan1
no nameif
no security-level
no ip address
!
boot system disk0:/asa843-k8.bin
ftp mode passive
pager lines 24
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
!
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:59b2d0b09e74ff0d0a323de4c8972a54
: end
and the show version:
Cisco Adaptive Security Appliance Software Version 8.4(3)
Compiled on Fri 06-Jan-12 10:24 by builders
System image file is “tftp://10.0.0.109/ASA843-K8.BIN”
Config file at boot was “startup-config”
ciscoasa up 53 mins 38 secs
Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0×0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.06
Number of accelerators: 1
0: Int: Internal-Data0/0 : address is 0026.cb31.fe93, irq 11
1: Ext: Ethernet0/0 : address is 0026.cb31.fe8b, irq 255
2: Ext: Ethernet0/1 : address is 0026.cb31.fe8c, irq 255
3: Ext: Ethernet0/2 : address is 0026.cb31.fe8d, irq 255
4: Ext: Ethernet0/3 : address is 0026.cb31.fe8e, irq 255
5: Ext: Ethernet0/4 : address is 0026.cb31.fe8f, irq 255
6: Ext: Ethernet0/5 : address is 0026.cb31.fe90, irq 255
7: Ext: Ethernet0/6 : address is 0026.cb31.fe91, irq 255
8: Ext: Ethernet0/7 : address is 0026.cb31.fe92, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
The Running Activation Key is not valid, using default settings:
Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 3 DMZ Restricted
Dual ISPs : Disabled perpetual
VLAN Trunk Ports : 0 perpetual
Inside Hosts : 10 perpetual
Failover : Disabled perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 12 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has a Base license.
Serial Number: JMX1336Z1GD
Running Permanent Activation Key: 0×00000000 0×00000000 0×00000000 0×00000000 0×00000000
Configuration register is 0×102002
Configuration last modified by enable_15 at 21:29:15.759 UTC Fri Feb 17 2012
Can anyone help??
TIA
Bruce
Bruce -
You are missing the ASA image in flash, once you tftpdnld you’ll need to “copy tftp: flash:” again to save it to flash. Then make sure the boot system parameter is set correctly and you should be good to go.
hi dears, very interested by the resolution of the problem.
but my asa 505 while trying to initialized the port , it refusing to get address. here is the prtsc:
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot interrupted.
Ethernet0/0
i2c_write_byte_w_wait() error, slot = 0×0, device = 0×64, address = 128 byte count = 1. Reason: I2C_UNPOPULATED_ERROR
esw_reg_read: i2c_write_byte_w_wait(0) returned 0×6
Ethernet port 0 could not be initialized.
Default Interface number-0 Not Up
Use ? for help.
rommon #0>
rommon #0>
rommon #0>
rommon #0>
rommon #0>
rommon #0>
rommon #0>
CISCO SYSTEMS
Embedded BIOS Version 1.0(12)13 08/28/08 15:50:37.45
Low Memory: 632 KB
High Memory: 251 MB
PCI Device Table.
Bus Dev Func VendID DevID Class Irq
00 01 00 1022 2080 Host Bridge
00 01 02 1022 2082 Chipset En/Decrypt 11
00 0C 00 1148 4320 Ethernet 11
00 0D 00 177D 0003 Network En/Decrypt 10
00 0F 00 1022 2090 ISA Bridge
00 0F 02 1022 2092 IDE Controller
00 0F 03 1022 2093 Audio 10
00 0F 04 1022 2094 Serial Bus 9
00 0F 05 1022 2095 Serial Bus 9
Evaluating BIOS Options …
Launch BIOS Extension to setup ROMMON
Cisco Systems ROMMON Version (1.0(12)13) #0: Thu Aug 28 15:55:27 PDT 2008
i2c_read_word_w_wait() error, slot = 0×0, device = 0×64, address = 134 byte count = 2. Reason: I2C_UNPOPULATED_ERROR
Platform ASA5505
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot interrupted.
Ethernet0/0
i2c_write_byte_w_wait() error, slot = 0×0, device = 0×64, address = 128 byte count = 1. Reason: I2C_UNPOPULATED_ERROR
esw_reg_read: i2c_write_byte_w_wait(0) returned 0×6
Ethernet port 0 could not be initialized.
Default Interface number-0 Not Up
Use ? for help.
rommon #0>
rommon #0>
rommon #0>
rommon #0>
rommon #0>
rommon #0>
rommon #0>
rommon #0>
rommon #0>
rommon #0>
rommon #0>
rommon #0>
rommon #0>
rommon #0> ADDRESS=10.132.44.177
rommon #1> SERVER=10.129.0.30
rommon #2> GATEWAY=10.132.44.1
rommon #3> IMAGE=f1/asa722-k8.bin
rommon #4> PORT=Ethernet0/0
Ethernet0/0
i2c_write_byte_w_wait() error, slot = 0×0, device = 0×64, address = 128 byte count = 1. Reason: I2C_UNPOPULATED_ERROR
esw_reg_read: i2c_write_byte_w_wait(0) returned 0×6
Ethernet port 0 could not be initialized.
rommon #4> port=Ethernet0/0
Invalid or incorrect command. Use ‘help’ for help.
rommon #4> PORT=Ethernet0/5
Ethernet0/5
i2c_write_byte_w_wait() error, slot = 0×0, device = 0×64, address = 128 byte count = 1. Reason: I2C_UNPOPULATED_ERROR
esw_reg_read: i2c_write_byte_w_wait(0) returned 0×6
Ethernet port 5 could not be initialized.
rommon #4> Reason: I2C_UNPOPULATED_ERROR
Invalid or incorrect command. Use ‘help’ for help.
rommon #4>
rommon #4>
rommon #4>
rommon #4>
rommon #4>
rommon #4>
rommon #4>
rommon #4>
rommon #4>
rommon #4> reset
Rebooting….
CISCO SYSTEMS
Embedded BIOS Version 1.0(12)13 08/28/08 15:50:37.45
Low Memory: 632 KB
High Memory: 251 MB
PCI Device Table.
Bus Dev Func VendID DevID Class Irq
00 01 00 1022 2080 Host Bridge
00 01 02 1022 2082 Chipset En/Decrypt 11
00 0C 00 1148 4320 Ethernet 11
00 0D 00 177D 0003 Network En/Decrypt 10
00 0F 00 1022 2090 ISA Bridge
00 0F 02 1022 2092 IDE Controller
00 0F 03 1022 2093 Audio 10
00 0F 04 1022 2094 Serial Bus 9
00 0F 05 1022 2095 Serial Bus 9
Evaluating BIOS Options …
Launch BIOS Extension to setup ROMMON
Cisco Systems ROMMON Version (1.0(12)13) #0: Thu Aug 28 15:55:27 PDT 2008
i2c_read_word_w_wait() error, slot = 0×0, device = 0×64, address = 134 byte count = 2. Reason: I2C_UNPOPULATED_ERROR
Platform ASA5505
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot interrupted.
Ethernet0/0
i2c_write_byte_w_wait() error, slot = 0×0, device = 0×64, address = 128 byte count = 1. Reason: I2C_UNPOPULATED_ERROR
esw_reg_read: i2c_write_byte_w_wait(0) returned 0×6
Ethernet port 0 could not be initialized.
Default Interface number-0 Not Up
Use ? for help.
rommon #0>
rommon #0>
rommon #0>
rommon #0>
rommon #0>
rommon #0>
rommon #0> ADDRESS=192.168.1.10
rommon #1> SERVER=192.168.1.1
rommon #2> GATEWAY=192.168.1.1
rommon #3> IMAGE=f1/asa722-k8.bin
rommon #4>
rommon #4> PORT=Ethernet0/0
Ethernet0/0
i2c_write_byte_w_wait() error, slot = 0×0, device = 0×64, address = 128 byte count = 1. Reason: I2C_UNPOPULATED_ERROR
esw_reg_read: i2c_write_byte_w_wait(0) returned 0×6
Ethernet port 0 could not be initialized.
rommon #4>
rommon #4>
rommon #4>
rommon #4>
rommon #4>
rommon #4>
rommon #4>
rommon #4>
rommon #4>
rommon #4>
rommon #4>
rommon #4>
rommon #4>
rommon #4> PORT=Ethernet0/4
Ethernet0/4
i2c_write_byte_w_wait() error, slot = 0×0, device = 0×64, address = 128 byte count = 1. Reason: I2C_UNPOPULATED_ERROR
esw_reg_read: i2c_write_byte_w_wait(0) returned 0×6
Ethernet port 4 could not be initialized.
rommon #4>
rommon #4>
rommon #4> PORT=Ethernet0/6 0/7
Invalid PORT name argument, Valid arguments are:
Ethernet0/0
Ethernet0/1
Ethernet0/2
Ethernet0/3
Ethernet0/4
Ethernet0/5
Ethernet0/6
Ethernet0/7
PORT= ethernet interface port
rommon #4> PORT=Ethernet0/6
Ethernet0/6
i2c_write_byte_w_wait() error, slot = 0×0, device = 0×64, address = 128 byte count = 1. Reason: I2C_UNPOPULATED_ERROR
esw_reg_read: i2c_write_byte_w_wait(0) returned 0×6
Ethernet port 6 could not be initialized.
rommon #4> PORT=Ethernet0/7
Ethernet0/7
i2c_write_byte_w_wait() error, slot = 0×0, device = 0×64, address = 128 byte count = 1. Reason: I2C_UNPOPULATED_ERROR
esw_reg_read: i2c_write_byte_w_wait(0) returned 0×6
Ethernet port 7 could not be initialized.
rommon #4>
help me pliz !!!
I would suggest connecting a different computer directly to a cisco port (e.g port 0/1) and try again.It seams like a hardware problem. Maybe the speed and duplex of your current PC does not negotiate correctly with the ASA.
Hi Admin,
could you please help me,
I had the same issue with my asa 5505.
I tried to upload the image using rommon as specified above.
the problem is at any reload the asa can’t find an image.
wile checking I found that the path of boot is the following tftp://192.168.124.10/asa831-k8.bin which the tftp server I loaded the image from.
the problem is that when running show flash I get the following
ciscoasa# show flash
–#– –length– —–date/time—— path
3 2048 Aug 31 2012 05:30:18 log
6 2048 Aug 31 2012 05:30:30 crypto_archive
10 2048 Aug 31 2012 05:30:34 coredumpinfo
11 43 Aug 31 2012 05:30:34 coredumpinfo/coredump.cfg
127135744 bytes total (126844928 bytes free)
how could I store the image to the flash knowing that while trying to do it using copy tftp flash there was an error
ciscoasa# copy tftp flash
Address or name of remote host []? 192.168.124.10
Source filename []? asa831-k8.bin
Destination filename [asa831-k8.bin]?
Accessing tftp://192.168.124.10/asa831-k8.bin…
WARNING: TFTP download incomplete!
%Error reading tftp://192.168.124.10/asa831-k8.bin (Unspecified Error)
ciscoasa#
any suggestion please?
thank for this great forum.
Hello,
First remove the command that points the image to be on tftp://192.168.124.10/asa831-k8.bin . Remove this line from ASA config, save it and reboot.
Hi,
Thanks for the reply.
I tried to remove this line but I’ve got this:
ciscoasa# conf t
ciscoasa# conf terminal
ciscoasa(config)# no tftp://192.168.124.10/asa831-k8.bin
^
ERROR: % Invalid input detected at ‘^’ marker.
ciscoasa(config)#
the show run comand doesn’t show this line in the running-config file.
it’s only shown when using “show version” command.
the idea I’ve got is that when uploading the image using rommon, the file is uploaded to the RAM and not to the flash that’s why while rebooting, the asa doesn’t find an image for reboot.
any idea about storing the image to the flash instead of RAM?
or do you have any other suggestion?
Maybe the problem is the configuration register which determines how the ASA will boot. You can see the confreg at “show ver” command output.
You can change this register as shown below:
ASA(config)# config-register 0×01
Save and reboot.
I did that but nothing happened the firewall doesn’t boot since there is no image in the flash..
The idea is clear for me, using rommon to upload an image to the firewall.
this image is stored into RAM.
then I should be able to tftp the image to the flash using
ASA(config)# copy tftp flash (specifying the server and the file)
but this command doesn’t work. even I tried to upload an old config file to the running config and it also failed.
the solution is either to upload the image directly from rommon or to upload it to the RAM annd then use tftp server which fails until now with me.
do you have any idea why this command is blocked?
Thank you for the help,
I ‘ve changed my tftp soft and it functioned very well.
I would ask you about one thing more, the command “show version” shows that:
“The Running Activation Key is not valid”.
does this has an impact on the firewall?
what should I do in this case?
thanks a lot again.
never seen such an error before. Have you installed a non-official image?
Sorry for the late reply,
I downloaded the image from an asa used in another site of the entreprise I work in.
but it seems that the image is designated for asa k8 while the dammaged asa is K9. that’s why the activation key didn’t work.