09-07-2010 07:26 PM - edited 03-11-2019 11:36 AM
Hi,
Trying to upgrade PIX 6.3 to 7.04
After the reboot, I now cannot do a TFTP to copy the image into the Flash.
I am unable to set the INSIDE interface to have an IP address.
Did a sh run - it's there in the config.
Did a sh int ip brief - unassigned to the interface!
* In fact, none of the interfaces are able to hold any static IP address. DHCP gives a weird IP 80.X.X.X
interface Ethernet1
speed 100
duplex full
nameif inside
security-level 100
ip address 192.168.1.10 255.255.255.0
I have the same problem as this guy (link below) - but no answers so far.
https://supportforums.cisco.com/message/3125731
I've got a freshly formatted Cisco PIX 515E firewall that I am trying to configure with the proper boot image. When it boots, I can escape into the monitor mode, set the IP address, and download the boot image (pix804.bin) from the TFTP server. I can then boot into the firewall. However, that's as far as I can get.
My next step has been to try to configure the IP address of the appropriate interface and download the image from the TFTP server again in regular console mode so that it can be saved to flash. However, when I attempt to configure the exact same interface with the exact same IP as I used in the monitor mode, I get no network connectivity. I cannot reach the TFTP server, and any ping attempts return "No route to host."
Is this a bug on certain PIX 515E?
Anybody care to help?
Thanks!
09-07-2010 07:37 PM
Hello,
When you issue "show interface ethernet1" do you see the interface status as
up/up or does it show as down? What is connected to Ethernet1 interface? Can
you set the speed/duplex to auto and see if that helps? Also, if you were
trying to connect the PC directly to Ethernet1 interface, can you try
connecting a Switch/Hub in between and see if that helps?
Regards,
NT
09-07-2010 09:20 PM
Hi,
Thanks for the reply. Yes... status is up/up. I can see the lights on the E1.
The connection should be ok since it can transfer file from the initial rommon mode.
I am using a switch in between PC and the PIX.
I have also another PIX515, and the connection is all ok, when connected to the same switch.
Previously tried the speed/duplex to auto.... no changes. So now running out of ideas.
Any other thoughts?
09-07-2010 09:27 PM
Type "no failover" and now put the IP address on the interface, it must show up
--regards
09-07-2010 10:05 PM
no failover
Did that... no changes...
here's my output
PIX Version 7.0(4)
!
hostname PIX515E
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0
nameif outside
security-level 100
ip address 10.1.1.10 255.255.255.0
!
interface Ethernet1
description LOCAL OFFICE LAN
speed 100
duplex full
nameif inside
security-level 10
ip address 192.168.100.222 255.255.255.0
!
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
asdm image flash:/pdm
no asdm history enable
arp timeout 14400
global (outside) 1 10.1.1.15 netmask 255.255.255.240
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
Cryptochecksum:3c02d91fb8f36fb79716813198ddb6b3
: end
PIX515E#
PIX515E# sh int ip brief
Interface IP-Address OK? Method Status Protocol
Ethernet0 unassigned YES CONFIG down down
Ethernet1 unassigned YES manual up up
Ethernet2 unassigned YES unset administratively down down
Ethernet3 unassigned YES unset administratively down down
Ethernet4 unassigned YES unset administratively down down
Ethernet5 unassigned YES unset administratively down down
PIX515E#
09-08-2010 06:12 AM
Hello,
It looks like you were able to get an IP address set and the interface up at this point. What is the IP address of the TFTP server you are trying to connect to? Unless it's in the 192.168.100.x/24 subnet, you'll also need to set a route with the 'route' command:
http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/mr.html#wp1596190
If the server is in the 192.168.100.x/24 subnet, try pinging it from the ASA and then check the output of 'show arp' to make sure you are getting the correct MAC address for the server.
Hope that helps.
-Mike
09-08-2010 07:59 PM
Hi,
Yes... it's on the same subnet - 192.168.100.3 /24
It's where I am able to TFTP from rommon of the PIX.
But once rebooted into the 7.04 image, I am unable to assign an IP address to the interface (any interface - I have 6 ethernets).
How do I check ARP when I can even ping?
PIX515E# show interface inside stats
Interface Ethernet1 "inside", is up, line protocol is up
Hardware is i82559, BW 100 Mbps
Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
Description: LOCAL OFFICE LAN
MAC address 0013.60c1.fd23, MTU 1500
IP address unassigned
3226 packets input, 310398 bytes, 0 no buffer
Received 3251 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/2)
output queue (curr/max blocks): hardware (0/0) software (0/0)
Traffic Statistics for "inside":
3165 packets input, 257820 bytes
0 packets output, 0 bytes
2833 packets dropped
PIX515E# show arp statistics
Number of ARP entries in PIX: 0
Dropped blocks in ARP: 0
Maximum Queued blocks: 0
Queued blocks: 0
Interface collision ARPs Received: 0
ARP-defense Gratuitous ARPS sent: 0
Total ARP retries: 0
Unresolved hosts: 0
Maximum Unresolved hosts: 0
Thanks..... but still no idea what to do
Maybe I will try to boot to a higher PIX (7.22)
09-08-2010 08:06 PM
Hello,
Can you try the following set of commands?
Step 1: Convert the firewall to transparent mode
firewall transparent
Step 2: Convert the firewall back to routed mode
no firewall transparent
Hope this fixes the issue. If it still does not, please upgrade the code to
7.2(x) in the ROMMON mode and see if that helps.
Regards,
NT
09-08-2010 08:36 PM
I didn't notice it booted into Standby state.
So I applied FAILOVER.... and the IP address was there.
Thanks for the help!!! Cheers.
09-09-2010 12:01 AM
Glad we could be of some help.
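Added example, not part of the thread and not Cisco code: a small Python check for the symptom discussed above, where an address is present in the running configuration but "show interface ip brief" reports it as unassigned. The sample inputs are constructed by trimming the outputs posted in the thread; the function names are hypothetical.

```python
import re

# Constructed sample input, trimmed from the outputs posted in the thread.
RUNNING_CONFIG = """\
interface Ethernet0
 nameif outside
 ip address 10.1.1.10 255.255.255.0
!
interface Ethernet1
 nameif inside
 ip address 192.168.100.222 255.255.255.0
!
"""

IP_BRIEF = """\
Interface IP-Address OK? Method Status Protocol
Ethernet0 unassigned YES CONFIG down down
Ethernet1 unassigned YES manual up up
Ethernet2 unassigned YES unset administratively down down
"""

def configured_addresses(config):
    """Map interface name -> IP address taken from the 'interface' stanzas."""
    addrs, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s*ip address (\d+\.\d+\.\d+\.\d+) ", line)
        if m and current:
            addrs[current] = m.group(1)
    return addrs

def operational_state(brief):
    """Map interface name -> (reported address, True if status and protocol are up)."""
    state = {}
    for line in brief.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) >= 6:
            state[fields[0]] = (fields[1], fields[-2:] == ["up", "up"])
    return state

def unapplied_addresses(config, brief):
    """List (interface, configured_ip, link_up) where the unit reports 'unassigned'."""
    state = operational_state(brief)
    return [(name, ip, state[name][1])
            for name, ip in configured_addresses(config).items()
            if name in state and state[name][0] == "unassigned"]
```

An entry with link_up set to True rules out cabling and speed/duplex as the cause; in this thread the cause turned out to be the unit sitting in failover Standby state, which "show failover" reports.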