Cannot ping inside i/f from pix iteslf & cannot tftp from server to Pix

Unanswered Question
Feb 20th, 2008

We have Pix 525 (in a test lab non prod). I am trying to tftp a new OS image (6.3.5). It is currently running 6.3.3. to do this I am in monitor mode on the Pix (You have to be in monitor mode to do this). I can ping my laptop FROM the firewall (which is connected to the inside i/f). I CANNOT ping the inside i/face from the Pix itself and I cannot ping the inside firewal i/f from the laptop. All netmasks are correct. The tftp process also fails (which I assume is due to the weirdness about not being able to ping the inside firewall interface from the Pix itself. Any guidance welcomed as I am flumoxed. Theres loads of memory. The cable is ok as it pings ok (albeit in one direction) - thanks [email protected]

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Wed, 02/20/2008 - 14:50

Peter,

I have not worked with 525 models but why do you need to be in monitor mode to upgrade code. You can upgrade the code from PIX normal mode by simply configuring your laptop-tftp server in same subnet as your PIX inside interface use a hub or switch to connect both.

PIX#copy tftp flash:image

pix#copy tftp flash:pdm

the reboot the pix..

now if you are in monitor mode, don't need to specify gateway in laptop tctip settings if both in same network.

e.g

mon>interface 1

mon>address 10.10.10.1 <-for interface1

mon>server 10.10.10.2 <-for labtop-tftp

try pinging laptop form pix and vice versa

then specify code filename

mon>file pixcode.bin

>tftp

is all here

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094a5d.shtml#upbootormon

abinjola Wed, 02/20/2008 - 20:59

thats By design, you cannot ping from TFTP to a monitor interface, only from pix to tftp

Connect a tftp directly to the pix interface, GIG ethernet are not initialised in ROMmode therefore use a fastethernet Interface to connect to tftp and follow the normal ROM mode procedure

it should work fine !!

peter-net Thu, 02/21/2008 - 05:23

BEWARE CISCO SECURITY AGENT ON YOUR TFTP SERVER! Fixed now - thanks

Actions

This Discussion