PIX Software upgrade, versions

Unanswered Question
Jul 2nd, 2007
User Badges:


Is upgrade from 6.3.4 to 7.2.2 allowed and work well or i should upgrade like this: 6.3.4->7.0.x->7.1.x->7.2.x ?

in release notes for 7.2 i found:

The minimum software version required before performing an upgrade to PIX Version 7.1 is

PIX Version 7.0. If you are running a PIX version prior to PIX Version 6.2, you must first upgrade

to PIX Version 6.2 or PIX Version 6.3 before you can begin the upgrade to PIX Version 7.0.

no words about 7.2 :)

i think that 7.2 automaticaly convert my 6.3.x commands. I am right, am i ?

is any successfully stories about 6.3 to 7.2 upgrade (without 7.0 or 7.1 software) ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
srue Tue, 07/03/2007 - 04:18
User Badges:
  • Blue, 1500 points or more

I did a bunch of 6.3(5) to 7.2(x) upgrades, but I did them differently than how you want to. I backed up my 6.3 config then installed a fresh image of 7.2 code. After that, I copied/pasted the old config section by section into the newly upgraded PIX. This might take a little longer (how long depends on the complexity of your current config), but in the end, you have a cleaner migration.

There are some instances where you can't simply copy/paste, so you will have to enter some commands such as the following:

interface config

conduits should be converted to ACL's

no more fixup commands

and vpn tunnel groups.

I believe if you copy/paste in existing vpn configs, the 7.2 code will automagically convert them to the new syntax for you...i think.

icenterhq Tue, 07/03/2007 - 18:49
User Badges:

what about activation keys ? i have 3DES licenses. will 7.2.x use it ?

about VPN config i agree with you. i have only site-to-site and 7.2 automatically convert isakmp commands for VPN peer and passowrd for it. it converts it without info messages about it.

srue Tue, 07/03/2007 - 19:08
User Badges:
  • Blue, 1500 points or more

activation keys handle the upgrade just fine. as a precaution, copy down the key just in case. I once did a downgrade (albeit incorrectly) from 7.x to 6.x and it completely wiped out the activation key - which of course i hadn't thought of backing up.

icenterhq Thu, 07/05/2007 - 08:21
User Badges:

i have updated two devices today. 6.3.4 to 7.2.2.

All 6.3.4 commands was auto-transferred correctly: interfaces, vpn config, etc.

maybe cisco fix upgrade docs about required OS version before upgrade to 7.2 ? :)


This Discussion