Upgrade 515E from 6.3.4 to 7.2.2

Unanswered Question

While trying to upgrade, I received a timeout error using the copy TFTP command. I am unable to ping any internal host on the LAN from the PIX and cannot ping from any internal host to the PIX. All internal hosts still get internet access. Attached is the config file of the PIX. Any help is greatly appreciated!

zulqurnain Thu, 02/08/2007 - 02:04

hello,

I believe you have two questions which you want the answers for.

Q1. You cannot upgrade to 7.2.2 from 6.3.4, you get a timeout error.

A1. Which TFTP server are you using? You can use SolarWinds TFTP server, it is very easy to use. Also, whichever TFTP server you have, check if it is allowed to transmit as well as receive; usually by default TFTP servers are only set to receive.

Q2. You cannot PING from PIX or to PIX from LAN

A2. By default the PIX denies all ICMP traffic, therefore you can allow this by using the correct ACL on your inside interface, e.g.

//to allow icmp on PIX inside interface
access-list acl_in permit icmp any any unreachable
access-list acl_in permit icmp any any time-exceeded
access-list acl_in permit icmp any any echo-reply

//to apply ACL to inside interface
access-group acl_in in interface inside

HTH, please rate if it does

Thanks for the help, but I still can't ping to or from the inside interface to or from the LAN after applying the ACL.

I use SolarWinds TFTP server and have updated the PIX before, and the settings are all correct for send and receive.

I do have a new HP 2824 switch between the PIX and TFTP - I do not know if this could be the problem or not.

Any help is greatly appreciated!

zulqurnain Fri, 02/09/2007 - 02:45

hello,

Tell you what, first upgrade to 7 from 6.3, then go for 7.2

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/pix_upgd/pixupgrd.pdf

As for the ICMP, do you think it's possible to connect to the PIX using a cross cable with a laptop and ping, as I don't know what sort of configuration you have on your HP switch. This would really eliminate the question of doubt.

HTH, PRI

jain.nitin Sun, 02/11/2007 - 04:32

Hi, I saw your configuration. I suggest you remove this command and check: ip verify reverse-path interface inside

I hope after removing it you would be able to ping. Regarding upgrading the firewall OS from 6.x to 7.2: first update to 7.0, then go for 7.2.2. Before upgrading to 7.0, check the memory of your firewall. You need at least 128 MB RAM if you have a UR license, and 64 MB if you have an R license.
