PIX 515E: Boot Fails After Image File Load

Answered Question
Jun 17th, 2010

Hi folks!

We have purchased a used Cisco PIX 515E firewall that I am trying to configure. It was originally password protected, but I have used the password reset utility supplied by Cisco to clear the password and have formatted the flash. I am now trying to load the boot image file from a TFTP server and copy the configuration from another functioning PIX 515E unit that we are basically wanting to duplicate.

I can successfully enter the monitor mode on the unit and download the image file (pix804.bin, in this case) to the unit. I have also successfully copied over the running configuration from the unit we want to duplicate. Immediately after I download the image file, the unit will reboot, will display a few errors with the transferred configuration that need to be corrected, and then will drop me at the console prompt. As long as I don't reboot, everything looks normal. But the moment I reload the unit, it tells me that it cannot find a bootable image file and refuses to boot.

Below I am including a complete log of one of these attempts, from the downloading of the image file in the monitor interface to the failed boot attempt.

Any suggestions would be most appreciated.

- Tom

monitor> address 192.168.1.47
address 192.168.1.47
monitor> server 192.168.1.4
server 192.168.1.4
monitor> file pix804.bin
file pix804.bin
monitor> tftp
tftp pix804.bin@192.168.1.4.....................................................
  --- Many Lines of Progress Dots Deleted for Readability ---
................................
Received 7538688 bytes

Cisco Security Appliance admin loader (3.0) #0: Thu Aug  7 19:15:24 MDT 2008
################################################################################
################################################################################
###################################################################
64MB RAM

Total NICs found: 3
mcwa i82559 Ethernet at irq 10  MAC: 000e.833e.f25e
mcwa i82559 Ethernet at irq 11  MAC: 000e.833e.f25f
mcwa i82559 Ethernet at irq 11  MAC: 0002.b3d5.8988
BIOS Flash=am29f400b @ 0xd8000

Initializing flashfs...
flashfs[7]: 5 files, 3 directories
flashfs[7]: 0 orphaned files, 0 orphaned directories
flashfs[7]: Total bytes: 16128000
flashfs[7]: Bytes used: 49664
flashfs[7]: Bytes available: 16078336
flashfs[7]: flashfs fsck took 15 seconds.
flashfs[7]: Initialization complete.


Licensed features for this platform:
Maximum Physical Interfaces  : 6
Maximum VLANs                : 25
Inside Hosts                 : Unlimited
Failover                     : Active/Active
VPN-DES                      : Enabled
VPN-3DES-AES                 : Disabled
Cut-through Proxy            : Enabled
Guards                       : Enabled
URL Filtering                : Enabled
Security Contexts            : 2
GTP/GPRS                     : Disabled
VPN Peers                    : Unlimited

This platform has an Unrestricted (UR) license.


Cisco PIX Security Appliance Software Version 8.0(4)

  ****************************** Warning *******************************
  This product contains cryptographic features and is
  subject to United States and local country laws
  governing, import, export, transfer, and use.
  Delivery of Cisco cryptographic products does not
  imply third-party authority to import, export,
  distribute, or use encryption. Importers, exporters,
  distributors and users are responsible for compliance
  with U.S. and local country laws. By using this
  product you agree to comply with applicable laws and
  regulations. If you are unable to comply with U.S.
  and local laws, return the enclosed items immediately.

  A summary of U.S. laws governing Cisco cryptographic
  products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

  If you require further assistance please contact us by
  sending email to export@cisco.com.
  ******************************* Warning *******************************

Copyright (c) 1996-2008 by Cisco Systems, Inc.

                Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

                Cisco Systems, Inc.
                170 West Tasman Drive
                San Jose, California 95134-1706

...........WARNING: Enabling the logging ftp-bufferwrap feature could cause a
         depletion of all available memory under high syslog
         rates. Please adjust your buffered logging level
         appropriately
*** Output from config line 390, "logging ftp-bufferwrap"
Device Manager image set, but unable to find flash:/asdm-61557.bin
*** Output from config line 401, "asdm image flash:/asdm-6..."
..WARNING: Binding inside nat statement to outermost interface.
WARNING: Keyword "outside" is probably missing.
*** Output from config line 490, "nat (inside) 1 192.168.0..."
WARNING: Binding inside nat statement to outermost interface.
WARNING: Keyword "outside" is probably missing.
*** Output from config line 491, "nat (inside) 1 192.168.2..."
WARNING: Binding inside nat statement to outermost interface.
WARNING: Keyword "outside" is probably missing.
*** Output from config line 492, "nat (inside) 1 192.168.3..."
WARNING: Binding inside nat statement to outermost interface.
WARNING: Keyword "outside" is probably missing.
*** Output from config line 493, "nat (inside) 1 192.168.4..."
WARNING: Binding inside nat statement to outermost interface.
WARNING: Keyword "outside" is probably missing.
*** Output from config line 494, "nat (inside) 1 192.168.5..."
WARNING: Binding inside nat statement to outermost interface.
WARNING: Keyword "outside" is probably missing.
*** Output from config line 495, "nat (inside) 1 192.168.6..."
WARNING: Binding inside nat statement to outermost interface.
WARNING: Keyword "outside" is probably missing.
*** Output from config line 496, "nat (inside) 1 192.168.7..."
WARNING: Binding inside nat statement to outermost interface.
WARNING: Keyword "outside" is probably missing.
*** Output from config line 497, "nat (inside) 1 192.168.8..."
WARNING: Binding inside nat statement to outermost interface.
WARNING: Keyword "outside" is probably missing.
*** Output from config line 498, "nat (inside) 1 192.168.9..."
........WARNING: crypto map has incomplete entries
*** Output from config line 684, "crypto map outside_map i..."
WARNING: crypto map has incomplete entries
*** Output from config line 686, "crypto map inside_map in..."
.
Cryptochecksum (unchanged): [Checksum Deleted for Privacy]
Type help or '?' for a list of available commands.
EZ-Ads> enable
Password:
EZ-Ads# reload
Proceed with reload? [confirm]
EZ-Ads#


***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down File system

***
*** --- SHUTDOWN NOW ---

Rebooting....


CISCO SYSTEMS PIX FIREWALL
Embedded BIOS Version 4.3.207 01/02/02 16:12:22.73
Compiled by morlee
64 MB RAM

PCI Device Table.
Bus Dev Func VendID DevID Class              Irq
00  00  00   8086   7192  Host Bridge
00  07  00   8086   7110  ISA Bridge
00  07  01   8086   7111  IDE Controller
00  07  02   8086   7112  Serial Bus         9
00  07  03   8086   7113  PCI Bridge
00  0D  00   8086   1209  Ethernet           11
00  0E  00   8086   1209  Ethernet           10
00  11  00   8086   1229  Ethernet           11

Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:35 PST 2001
Platform PIX-515E
System Flash=E28F128J3 @ 0xfff00000

Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Reading 115200 bytes of image from flash.

PIX Flash Load Helper

Initializing flashfs...
flashfs[0]: 5 files, 3 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 16128000
flashfs[0]: Bytes used: 49664
flashfs[0]: Bytes available: 16078336
flashfs[0]: Initialization complete.

Booting first image in flash

No bootable image in flash. Please download an image from a network server
in the monitor mode

Failed to find an image to boot


Rebooting....

Correct Answer by David White about 3 years 10 months ago

Hi Tom,

If you erased the flash, then there are no (bootable) images on flash.

When you copy an image from monitor mode, it does a direct copy of the image from the TFTP server to the PIX's RAM (not Flash). Once in RAM, it boots the image. If you then reload at that point, you will be stuck as there is still no bootable image on flash.


What you need to do is:

1) copy an image over from monitor mode

2) allow it to boot up

3) configure the PIX for basic IP connectivity to the TFTP server

4) ** Copy the image over again - so it is saved in flash **

5) reload

That will fix the issue you are experiencing.

Sincerely,


David.

David White Thu, 06/17/2010 - 06:43
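
The five steps above as a PIX 8.0 console session, added here as an illustration and not part of David's reply. The addresses and file name come from Tom's log; the `pix` prompt, the interface (Ethernet1), its name, and the /24 mask are assumptions, and the MD5 value is a placeholder to be filled in from Cisco's download page for the image.

```text
! Starting point: the unit has just booted pix804.bin from RAM via monitor mode
! (steps 1 and 2), so flash still holds no image.

! Step 3: basic IP connectivity to the TFTP server.
! Assumed: Ethernet1 is the port on the 192.168.1.0 network, mask is /24.
! Skip this if the copied configuration already brings that interface up.
pix# configure terminal
pix(config)# interface Ethernet1
pix(config-if)# nameif inside
pix(config-if)# ip address 192.168.1.47 255.255.255.0
pix(config-if)# no shutdown
pix(config-if)# exit
pix(config)# exit
pix# ping 192.168.1.4

! Step 4: copy the image again, this time from the running OS, which
! writes it to flash instead of RAM.
pix# copy tftp://192.168.1.4/pix804.bin flash:/pix804.bin

! Confirm the file is now listed in flash before reloading.
pix# show flash:

! TFTP has no authentication or integrity protection, and this is a
! second-hand unit: check the stored image against the published hash.
! <md5-from-cisco> is a placeholder, not a real value.
pix# verify /md5 flash:/pix804.bin <md5-from-cisco>

! Point the boot variable at the image and save the configuration.
pix# configure terminal
pix(config)# boot system flash:/pix804.bin
pix(config)# exit
pix# write memory

! Step 5: reload; the Flash Load Helper should now find a bootable image.
pix# reload
```

In Tom's log the first boot reports `Bytes used: 49664` on a flash that supposedly just received 7538688 bytes, which is the visible sign that the monitor-mode transfer never reached flash; after step 4 `show flash:` should account for the full image size.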