PIX 515E: No ip address assigned - no route to host

Answered Question
Sep 7th, 2010
User Badges:


Trying to upgrade PIX 6.3 to 7.04

After reboot, and now cannot do a TFTP to copy the image into the Flash.

I am unable to set the INSIDE interface to have an ip address.

     Did a sh run - its there in the config.

     Did a sh int ip brief - unassigned to the interface!

* In fact, none of the interface are able to hold any static ip address.  DHCP gives a weird ip 80.X.X.X

interface Ethernet1

speed 100

duplex full

nameif inside

security-level 100

ip address

I have the same problem as this guy (link below) - but no answers so far.


I've got a freshly formatted Cisco PIX 515E firewall that I am trying to configure with the proper boot image. When it boots, I can escape into the monitor mode, set the IP address, and download the boot image (pix804.bin) from the TFTP server. I can then boot into the firewall. However, that's as far as I can get.

My next step has been to try to configure the IP address of the appropriate interface and download the image from the TFTP server again in regular console mode so that it can be saved to flash. However, when I attempt to configure the exact same interface with the exact same IP as I used in the monitor mode, I get no network connectivity. I cannot reach the TFTP server, and any ping attempts return "No route to host."

Is this a bug on certain PIX 515E?

Anybody care to help?


Correct Answer by abinjola about 6 years 9 months ago

type "no failover" and now put the ip address to the interface , it must show up


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Nagaraja Thanthry Tue, 09/07/2010 - 19:37
User Badges:
  • Cisco Employee,


When you issue "show interface ethernet1" do you see the interface status as

up/up or does it show as down? What is connected to Ethernet1 interface? Can

you set the speed/duplex to auto and see if that helps? Also, if you were

trying to connect the PC directly to Ethernet1 interface, can you try

connecting a Switch/Hub in between and see if that helps.?



ciscoeknowledge2008 Tue, 09/07/2010 - 21:20
User Badges:


Thanks for the reply. Yes... status is up/up.   I can see the lights on the E1.

The connection should be ok since it can transfer file from the initial rommon mode.

I am using a switch in between PC and the PIX.

I have also another PIX515, and the connection is all ok, when connected to the same switch.

Previously tried the speed/duplex to auto.... no changes. So now running out of ideas.

Any other thoughts?

Correct Answer
abinjola Tue, 09/07/2010 - 21:27
User Badges:
  • Cisco Employee,

type "no failover" and now put the ip address to the interface , it must show up


ciscoeknowledge2008 Tue, 09/07/2010 - 22:05
User Badges:

no failover

Did that... no changes...

here's my output

PIX Version 7.0(4)


hostname PIX515E

enable password 8Ry2YjIyt7RRXU24 encrypted



interface Ethernet0

nameif outside

security-level 100

ip address


interface Ethernet1

description LOCAL OFFICE LAN

speed 100

duplex full

nameif inside

security-level 10

ip address



passwd 2KFQnbNIdI.2KYOU encrypted

ftp mode passive

pager lines 24

mtu outside 1500

mtu inside 1500

no failover

asdm image flash:/pdm

no asdm history enable

arp timeout 14400

global (outside) 1 netmask

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0


class-map inspection_default

match default-inspection-traffic



policy-map global_policy

class inspection_default

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp



: end


PIX515E# sh int ip brief

Interface IP-Address OK? Method Status Prot


Ethernet0 unassigned YES CONFIG down down

Ethernet1 unassigned YES manual up up

Ethernet2 unassigned YES unset administratively down down

Ethernet3 unassigned YES unset administratively down down

Ethernet4 unassigned YES unset administratively down down

Ethernet5 unassigned YES unset administratively down down


mirober2 Wed, 09/08/2010 - 06:12
User Badges:
  • Cisco Employee,


It looks like you were able to get an IP address set and the interface up at this point. What is the IP address of the TFTP server you are trying to connect to? Unless it's in the 192.168.100.x/24 subnet, you'll also need to set a route with the 'route' command:


If the server is in the 192.168.100.x/24 subnet, try pinging it from the ASA and then check the output of 'show arp' to make sure you are getting the correct MAC address for the server.

Hope that helps.


ciscoeknowledge2008 Wed, 09/08/2010 - 19:59
User Badges:


Yes ...its on the same subnet - /24

Its where I am able to TFTP from rommon of the PIX.

But once reboot into 7.04 image, i am unable to assign an ip address to the interface (any interface - i have 6 ethernets).

How to get check ARP when I can even ping?

PIX515E# show interface inside stats

Interface Ethernet1 "inside", is up, line protocol is up

Hardware is i82559, BW 100 Mbps

Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)


MAC address 0013.60c1.fd23, MTU 1500

IP address unassigned

3226 packets input, 310398 bytes, 0 no buffer

Received 3251 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 L2 decode drops

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software (0/2)

output queue (curr/max blocks): hardware (0/0) software (0/0)

Traffic Statistics for "inside":

3165 packets input, 257820 bytes

0 packets output, 0 bytes

2833 packets dropped

PIX515E# show arp statistics

Number of ARP entries in PIX: 0

Dropped blocks in ARP: 0

Maximum Queued blocks: 0

Queued blocks: 0

Interface collision ARPs Received: 0

ARP-defense Gratuitous ARPS sent: 0

Total ARP retries: 0

Unresolved hosts: 0

Maximum Unresolved hosts: 0

Thanks.....  but still no idea what to do

Maybe i will try to boot to a higher pix(7.22)

Nagaraja Thanthry Wed, 09/08/2010 - 20:06
User Badges:
  • Cisco Employee,


Can you try the following set of commands?

Step 1: Convert the firewall to transparent mode

firewall transparent

Step 2: Convert the firewall back to routed mode

no firewall transparent

Hope this fixes the issue. If it still does not, please upgrade the code to

7.2(x) in the ROMMON mode and see if that helps.



ciscoeknowledge2008 Wed, 09/08/2010 - 20:36
User Badges:

I didn't noticed it booted into Standby state.

So i applied FAILOVER.... and the ip address was there.

Thanks for the help!!! Cheers.

abinjola Thu, 09/09/2010 - 00:01
User Badges:
  • Cisco Employee,

glad we cud be of some help..


This Discussion

Related Content