strange problem in pix monitor mode via upgrading

sushilmenon2001 · ‎12-17-2005

i have a pix 515E . in the monitor mode i speicfy the interface connected to the tftp server . i have given an ip add of 4.1.1.1 and the tftp server ip address is 4.1.1.2/24 . from the monitor i specify the server as 4.1.1.2. i can ping form the pix to the server in the monitor mode but not vice-versa.what could be the problem.in the tftp server i get an erroe sending to pix 4.1.1.1 timeout error. any ideas over this pls cause this is the reason i feel i am unable to upgrade the pix to 7.0 .my current ios is 6.3.4.kindly help urgent .and thank u in advance.i tried downloading the same ios 6.3.4 from copy tftp flash command it worked fine. but not been able to do it from the monitor mode.kindly help pls it's urgent.

sushil

thomas.chen · ‎12-22-2005

Verify that the device connected to the PIX's interface is configured to autonegotiate speed/duplex. The PIX's monitor (or boothelper) program can only autonegotiate speed/duplex.

Another option is to place a hub or switch between the PIX and the laptop.

For more information on upgrading the PIX from the boothelper or monitor mode, please refer to the Using Monitor Mode to Recover the PIX Firewall Image section of

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094a5d.shtml

crose · ‎12-22-2005

Make sure the computer you have the tftp server on has it's default gateway set to the ip address of the pix. Especially if you have them connected using a corssover cable. also make sure you have the gateway command in monitor mode set to the IP of your tftp server computer. basicly each devices default gateway shoudl point to the other machine.

Anothe rproblem I have had with doing monitor upgrades on 515 and 535 units is having the tftp server timeout set to low on the tftp server. I have found tftpd32 works the best. It's default timeout is like 3 seconds which isn't enough. Bump it up to 200 seconds and it will work like a charm.