Downgrade PIX version

Unanswered Question
Nov 11th, 2008

Hi, I am trying to perform a downgrade of PIX515E from version 7.2(2) to 7.0(4). I have found some info from the link http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708d8.shtml#t6. The procedure shows downgrade of software from version 7x to 6x. Can I use the same steps for downgrade from version 7.2(2) to 7.0(4)?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Have you tried just tftp/ftp'ing the proper image to the flash then setting the boot image? "boot system disk0:/asa704-k8.bin" (or whatever) and rebooting? I am pretty sure that the "upgrade/downgrade" procedure is only necessary when going to/from 6.x and 7.x. As long as you are staying in the 7.x code train, you should be fine. If not, I have a couple of old 515E's that I could test with if this doesnt do the trick.

essilorasia Sun, 11/16/2008 - 17:24

Yes, you are right. I have tried the downgrade command and the PIX doesn't allow me to do that. It gave me a message saying that the downgrade command is only for version 7 to version 6. The thing is, the flash memory is not enough to hold both 7.2(2) and 7.0(4). From what I know, the IOS will be loaded onto the RAM once it's running. In the case, can i delete 7.2(2) and copy over 7.0(4) then perform a reload? Will it cause the PIX to crash?

If you are SURE you can get a copy of the 7.0(4) code on there before it is rebooted you can. The pix will load the OS into memory when it boots, therefore, you can delete the 7.2(2) image from flash, then copy the 7.0(4) image to flash, set the boot statement and reboot. If this was a router, I would say that unless you feel like copying an image via xmodem, I wouldnt risk it, however a cool feature of the PIX is that it is smart enough to be able to get itself on network and boot off of the TFTP server. If you dont have a local copy to boot from you can boot into monitor mode, configure your interface addressing and tell it what tftp server to boot the image from. Once you have done this, you can format the flash and copy the proper image to the pix and reboot. The exact step-by-step procedures of booting from tftp can be found here:

http://www.cisco.com/warp/public/110/cspix-adsm-swupgrade.pdf

it is the upgrade guide, but on page 4, it goes into how to boot from monitor mode off of a tftp server. Remember, you only have to do this, if something goes wrong. The normal steps would be:

1). boot into 7.2(2)

2). make sure you can get to your ftp/tftp server. Try to copy a small file from it just to make sure

3). delete the 7.2(2) image from flash, or just format the flash

4). ftp/tftp the 7.0(4) image to flash

5). either set the boot statement or just reboot (it should boot to 7.0(4), since this will be the only valid image on the flash.

6). If this doesnt work, format the flash and boot from monitor mode off of the tftp server, then copy the image to flash (when you boot from tftp, it does not copy the image to flash).

Actions

This Discussion