PIX 515 6.35 to 7.01 Upgrade Problem

Unanswered Question
Apr 1st, 2010
User Badges:

Attached is the log of an upgrade on a PIX 515 from 6.35 to 7.01.  As far as I can tell I am following all the required steps but once the upgrade is complete and I reload the system no bootable image can be found.  I used the monitor approach (as recommended) to upgrade the unit and once the upgrade was complete I copied over the PIX701.bin image to the flash and performed a wr mem.  As this is no longer a supported item then I'm hoping some can point out a step I missed that will make this work.


Thanks,


gb

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Looks like you did not complete the upgrade - follow the below:-


Upgrade the PIX from Monitor Mode

Complete these steps in order to upgrade your PIX from Monitor       Mode.

Note: Fast Ethernet cards in 64-bit slots are not visible in  monitor mode.           This problem means that the TFTP server cannot reside on one of these           interfaces. The user should use the copy tftp flash command in order to download the PIX Firewall image file through TFTP.

  1. Copy the PIX Appliance binary image (for example, pix701.bin) to             the root directory of the TFTP server.

  2. Enter Monitor Mode on the PIX. If you are unsure how to do this,             see the instructions for how  to enter Monitor             Mode in this document.

    Note: Once in Monitor Mode, you can use the "?" key to see a list  of                 available options.

  3. Enter the interface number that the TFTP server is connected to, or             the interface that is closest to the TFTP server. The default is  interface 1             (Inside).

    monitor>interface 

    Note: In Monitor Mode, the interface always auto negotiates the  speed                 and duplex. The interface settings cannot be hard coded. Therefore,  if the PIX                 interface is plugged into a switch that is hard coded for  speed/duplex, then                 reconfigure it to auto negotiate while you are in Monitor Mode. Also  be aware                 that the PIX Appliance cannot initialize a Gigabit Ethernet  interface from                 Monitor Mode. You must use a Fast Ethernet interface instead.

  4. Enter the IP address of the interface defined in step 3.

    monitor>address 
  5. Enter the IP address of the TFTP server.

    monitor>server 
  6. (Optional) Enter the IP address of your gateway. A gateway address             is required if the interface of the PIX is not on the same network  as the TFTP             server.

    monitor>gateway 
  7. Enter the name of the file on the TFTP server that you wish to             load. This is the PIX binary image file name.

    monitor>file 
  8. Ping from the PIX to the TFTP server in order to verify IP             connectivity.

    If the pings fail, double check the cables, IP address of the PIX             interface and the TFTP server, and the IP address of the gateway (if  needed).             The pings must succeed before you continue.

    monitor>ping 
  9. Type tftp in order to start the TFTP download.

    monitor>tftp
  10. The PIX downloads the image into RAM and automatically boots             it.

    During the boot process, the file system is converted along with             your current configuration. However, you are not done yet. Note this  Warning             message after you boot and continue on to step 11:

    ******************************************************************
      **                                                                    **
      **   *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING ***  **
      **                                                                    **
      **          ----> Current image running from RAM only! <----          **
      **                                                                    **
      **  When the PIX was upgraded in Monitor mode the boot image was not  **
      **  written to Flash.  Please issue "copy tftp: flash:" to load and   **
      **  save a bootable image to Flash.  Failure to do so will result in  **
      **  a boot loop the next time the PIX is reloaded.                    **
      **                                                                    **
      ************************************************************************
  11. Once booted, enter enable mode and copy the same image over to the             PIX again. This time use the copy tftp flash command.

    This saves the image into the Flash file system. Failure to perform             this step results in a boot loop the next time the PIX reloads.

    pixfirewall>enable
    pixfirewall#copy tftp flash

    Note: For detailed instructions on how to copy the image over  with the                 use of the copy tftp flash command, see the                 Upgrade  the PIX Security Appliance with the copy tftp flash                 Command section.

  12. Once the image is copied over using the copy tftp             flash command, the upgrade process is complete.

HTH>

Andrew.

garymboy Thu, 04/01/2010 - 15:02
User Badges:

I believe I followed that step.  Here is that section from the log:


  ************************************************************************
  **                                                                    **
  **   *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING ***  **
  **                                                                    **
  **          ----> Current image running from RAM only! <----          **
  **                                                                    **
  **  When the PIX was upgraded in Monitor mode the boot image was not  **
  **  written to Flash.  Please issue "copy tftp: flash:" to load and   **
  **  save a bootable image to Flash.  Failure to do so will result in  **
  **  a boot loop the next time the PIX is reloaded.                    **
  **                                                                    **
  ************************************************************************
Type help or '?' for a list of available commands.
pix1195> en
Password: ***********
pix1195# copy tftp: flash:

Address or name of remote host []? 192.168.7.3

Source filename []? pix701.bin

Destination filename [pix701.bin]?

Accessing tftp://192.168.7.3/pix701.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Clip-
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file flash:/pix701.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!-clip-
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
5124096 bytes copied in 97.380 secs (52825 bytes/sec)



pix1195# wr mem
Building configuration...
Cryptochecksum: 4487ddd8 bfd3bb13 3f6239c3 3dba8148


1576 bytes copied in 2.60 secs (788 bytes/sec)
[OK]
pix1195# sho ver

Cisco PIX Security Appliance Software Version 7.0(1)

Compiled on Thu 31-Mar-05 14:37 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"

pix1195 up 3 mins 18 secs

Hardware:   PIX-515, 128 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB

0: Ext: Ethernet0           : media index  0: irq 10
1: Ext: Ethernet1           : media index  1: irq 7

Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs               : 25
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Cut-through Proxy           : Enabled
Guards                      : Enabled
URL Filtering               : Enabled
Security Contexts           : 2
GTP/GPRS                    : Disabled
VPN Peers                   : Unlimited

This platform has an Unrestricted (UR) license.

Serial Number: XXXXXXXXX
Running Activation Key: XXXXXXXXXX XXXXXXXXXX XXXXXXXXXX XXXXXXXXXX
Configuration has not been modified since last system restart.
pix1195# sho fl
pix1195# sho flash:

Directory of flash:/

6      -rw-  1978424     15:30:19 Apr 01 2010  image_old.bin
9      -rw-  5124096     15:32:47 Apr 01 2010  pix701.bin
12     -rw-  1801        15:29:51 Apr 01 2010  downgrade.cfg

15998976 bytes total (8886784 bytes free)
pix1195# reload
Proceed with reload? [confirm]
pix1195#


***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down File system


***
*** --- SHUTDOWN NOW ---


Rebooting....

Cisco Secure PIX Firewall BIOS (4.0) #0: Thu Mar  2 22:59:20 PST 2000
Platform PIX-515
Flash=i28F640J5 @ 0x300

Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Reading 115200 bytes of image from flash.

PIX Flash Load Helper

Initializing flashfs...
flashfs[0]: 9 files, 3 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 7112192
flashfs[0]: Bytes available: 8886784
flashfs[0]: Initialization complete.

Booting first image in flash

No bootable image in flash. Please download an image from a network server
in the monitor mode

Failed to find an image to boot



garymboy Thu, 04/01/2010 - 17:40
User Badges:

More info:


I blew away the flash with erasedisk611.bin and then loaded pix 8.04 from monitor.  Everything came up ok.  Had to configure a few items (activation key, interfaces, password) and then did copy tftp flash of the pix804.bin file .  wr mem and reload.  Booted fine.  Reload, boot ok.  Reload, checksum error on the bin file, no boot.  boot loop.  I let the boot loop continue while I searched google a bit more.  Looked back over at the console and the darn thing booted correctly.  I'm leaning towards a flaky flash unless somebody has a better idea.


Cisco Secure PIX Firewall BIOS (4.0) #0: Thu Mar  2 22:59:20 PST 2000
Platform PIX-515
Flash=i28F640J5 @ 0x300

Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Reading 102912 bytes of image from flash.

PIX Flash Load Helper

Initializing flashfs...
flashfs[0]: 6 files, 3 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 7543808
flashfs[0]: Bytes available: 8455168
flashfs[0]: Initialization complete.

Reading image flash:/pix804.bin
sumval(0xfda6) chksum(0x0   )md5(0xaa1b05d9 0x8c60787a 0xc02e8be9 0xb103b05d)
md5(0xecccdeed 0x8330a01f 0x89b05d14 0x9cd51261)
Checksum error in file flash:/pix804.bin
Booting first image in flash

sumval(0xfda6) chksum(0x0   )md5(0xaa1b05d9 0x8c60787a 0xc02e8be9 0xb103b05d)
md5(0x7caf2524 0xa7219a5a 0xb4d636e5 0xe724c957)
Checksum error in file flash:/pix804.bin
No bootable image in flash. Please download an image from a network server
in the monitor mode

Failed to find an image to boot


Rebooting....

Kureli Sankar Thu, 04/01/2010 - 17:53
User Badges:
  • Cisco Employee,

I would try and download the image one more time and do it all over again.


run fsck disk and format disk as well once you get the code on and then "copy tftp flash:" again.


-KS

garymboy Sat, 04/03/2010 - 09:51
User Badges:

Odd.  I didn't tftp the image over again as it did eventually boot.  I added the asdm image and configured the pix via asdm.  I powered it off and racked it up and when I powered it on it reloaded without an issue.  It has been up for a day and a half without any problems.


We'll see how it goes.


Thanks to everyone for your input.


gb

Actions

This Discussion