PIX515 Console Access & IOS Upgrade

Unanswered Question
Jul 10th, 2007

Hello everybody,

i'm new into the whole PIX thing, so i'm sorry if my question seems to be "easy". :-)

I was looking at the config of a PIX where i need to do a upgrade of the IOS and the ASDM via CLI. If i compare it to a router, where i know what i'm doing, it seems to be quite different.

On a router i would get access via the console, get connection to a TFTP server that i'm connection to the LAN interface and start the upgrade via "copy tftp flash".

In regards of the PIX i have now a few question marks?

How do i get console access, do i need to configure something in order to get it granted?

Can i also simply plug a PC to the inside interface and start the TFTP session or is there usually something blocking it?

Thanks a lot in advance,

Andy

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
vitripat Tue, 07/10/2007 - 08:20

You can get console access to PIX exactly the same way as you do on a router. Similarly, you need to connect the TFTP server to one of the interfaces and use the "copy tftp flash" command

to pick the image from the tftp server.

If you dont have sufficient space in flash, you may have to delete some files to accomodate the files you need to copy.

Thereafter, once you have the PIX OS and ASDM images on flash, you need to specify these images to be used for operation.

boot system flash:/

asdm image flash:/

Hope this helps.

Regards,

Vibhor.

andreas.schnell Tue, 07/10/2007 - 09:54

Hi Vibhor,

yes it helps. Thanks.

I was just wondering because in the PIX config, there was nothing specified like on a router, e.g.:

console 0

login local

or

console 0

login

password xyz

In addition, do i have to put in the command "security-level 0" on the inside interface in order to allow the TFTP traffic or is this not influenced by it at all?

Thanks again,

Andy

vitripat Tue, 07/10/2007 - 10:54

You dont need to specify security-level 0 command on inside interface. By default, inside interface will have security-level of 100. You do need security-level on the interface though to have it enabled.

However, the security-level does not influence communication with TFTP server on the same interface.

Hope that helps.

Regards,

Vibhor.

Actions

This Discussion