Hi Vibhor,

I followed the Cisco upgrade procedure yesterday in monitor mode, no joy, after entring the address ip, server ip then try to ping the server IP from monitor mode, it was abortive. I can ping the server IP address when the PIX is in enable mode but can not ping the server when in monitor mode. As Cisco advice "If you are upgrading from an existing PIX 515 or a PIX 535 with PDM installed, you MUST upgrade from monitor mode.

I have PDM installed on the pix 535.

How can I remove the PDM from the flash and upgrade the PIX in a normal mode?

what command do i need to use to delete the PDM Binary Image?

I have 16 MB flash in my PIX, below is the flashfs on my PIX, I believe if I can remove the PDM Image of 3M on my flash, I should be able to get the Image on my Pix, at the moment if I do copy tftp flash, the PIX will tell me insufficient space on my flash. Removing the PDM image will do the job

flash file system: version:3 magic:0x12345679

file 0: origin: 0 length:1941560

file 1: origin: 1966080 length:15739

file 2: origin: 2097152 length:1933

file 3: origin: 2228224 length:3152452

file 4: origin: 0 length:0

file 5: origin: 8257536 length:308

Please tell me how to remove the PDM image. I dont need it since I will be using the Cisco ASDM that come with the 7.2(2).

Thanks

Hello,

Unfortunately, once you have PDM installed, theres no way to delete/uninstall it so you don't have to go to monitor mode to upgrade.

Make sure that when in monitor mode you've specified a gateway and can ping that. If you can't, try changing the interface being used. If I remember correctly, you *have* to use one of the fast ethernet interfaces, not the gigabit, in order for this to work (monitor mode isn't smart enough to use gigabit ethernet)

Simples way may be to bring your laptop out to the firewall and hook it up via cross-over cable to a fast ethernet interface (if you're using gigabit and not the fast ethernet interfaces) and do it that way.

--Jason

Please rate this message if it helped solve some/all of your issue or question.

Hi Jason,

Thanks for your advice, that's right Cisco said you need to use interfaces from slots 4 to 8 from bus 2. I tried that, it did not work.

When I was at the monitor mode I typed the following

interface 4, the Pix return with this info.

please use interface 0 or 1

if I type interface e4, the pix return with a timeout message

If I type

interface 1, the pix accept this and I do the following from monitor mode

address 192.168.83.1

server 192.168.83.6

"server is directly connected to Pix interface 1"

ping 192.168.83.6

The ping fail. If the ping fail I can not do tftp.

Can I ask you this question, when you are in the monitor mode, does this pix still uses its running config or it should take and use the ip address had entered in the monitor mode?.

From your reply, you said once PDM installed, there is no way to delete/uninstall this. What does these command do:

flashfs downgrade 5.x

If I want to format the flashfs, what command do I need to use.

Thanks

Hello Simi,

Jason is correct in saying that there is no official way of deleting PDM once installed, but I have a workaround for you .. :-) Its not documented anywhere but it works.

Here is the procedure on how you can delete the PDM file from your PIX-

- You need a valid PDM image

- A TFTP server, which you already have.

(In the procedure below, refer to my comments marked by ##)

pix(config)# sh flash

flash file system: version:3 magic:0x12345679

file 0: origin: 0 length:1978424

file 1: origin: 2097152 length:6961

file 2: origin: 2228224 length:8506

file 3: origin: 2359296 length:3152452

file 4: origin: 5636096 length:131072

file 5: origin: 8257536 length:308

pix(config)# copy tftp flash:pdm

Address or name of remote host []?

Source file name []?

copying tftp://192.168.16.25/pdm-304.bin to flash:pdm

[yes|no|again]? yes

## Executing above will first start erasing the PDM image.

Erasing current PDM file

Writing new PDM file

## As soon as you see the writing message, shut down you TFTP application

!!!tftp: Timed out during transfer

Erasing partial PDM file

PDM file not installed.

## Now check your flash and PDM is gone.

pix(config)# sh flash

flash file system: version:3 magic:0x12345679

file 0: origin: 0 length:1978424

file 1: origin: 2097152 length:6961

file 2: origin: 2228224 length:8506

file 3: origin: 2359296 length:0

file 4: origin: 5636096 length:131072

file 5: origin: 8257536 length:308

Now you may try upgrading directly from enable mode. Apart from this, here is the answer to your question "when you are in the monitor mode, does this pix still uses its running config or it should take and use the ip address had entered in the monitor mode?."-

Monitor mode does not use the settings from the running config. It uses the IP address you specify when in monitor mode.

I hope this helps.

Regards,

Vibhor.

Hi Vibhor,

Thanks for your advice, from the output below, I carried out the task you asked me to perform, that worked you can see from my sh flash command that I have nothing in the pdm flash partition, after doing this I tried to copy the pix722.bin file and I am still having problem doing this, I get "Insufficient flash space available for this request" error.

Also remember I have 16M flash, is this the problem? Looking at the flash, I hardly have up to 2.5M of data in it and the Pix Image is like 8M which I think the flash should be sufficient to hold it.

This is in an Active/Standby mode setup and I am working on the Standby pix, but it's not in production yet, want to upgrade these pix's before going into production.

What is the way forward please.

Thanks

pix# sh flash

flash file system: version:3 magic:0x12345679

file 0: origin: 0 length:1941560

file 1: origin: 1966080 length:15786

file 2: origin: 2097152 length:1933

file 3: origin: 2228224 length:0

file 4: origin: 0 length:0

file 5: origin: 8257536 length:308

pix# copy tftp flash

Address or name of remote host [0.0.0.0]? 192.168.83.8

Source file name [cdisk]? pix722.bin

copying tftp://192.168.83.8/pix722.bin to flash:image

[yes|no|again]? yes

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

OUTPUT SURPRESSED

Received 8312832 bytes

Erasing current image

Insufficient flash space available for this request:

Size info: request:8224824 current:1941560 delta:6283264 free:6029312

Image not installed

pix#

I am really disappointed that non of the Cisco firewall guru can look into this problem and solve it. The problem has been outstanding for days now and no update yet. If this can not be looked into/solved please close the call.

Hello,

The problem is that in the 6.x version of code it only recognizes the first 8 megs of flash. Even erasing PDM, that only leaves you with 6 meg free - and the 722 image is over 8 megs, so it's not going to work.

Try using pix701 code which is smaller (5 megs) and should work, assuming you have 6 megs actually free. Then upgrade from there (7.x code recognizes the 16meg of flash) to 7.22

--Jason

Please rate if this helped solve some/all of your issue.

if pix in monitor mode, OS not loaded and config not parsed. you must enter ip\server\filename\gateway for software upgrade.

after that new OS will parse config. after you check\fix config you must upload new OS to the flash and set system boot image.

i upgrade 4 pix 515E about 2 weeks ago, all with PDM installed. One of them was upgraded via internet. Stuff in office connect PC with freebsd to the pix console and freebsd was connected to the internet. Image was uploaded from inside interface via TFTP.