Trying to upgrade PIX 6.3 to 7.04
After reboot, and now cannot do a TFTP to copy the image into the Flash.
I am unable to set the INSIDE interface to have an ip address.
Did a sh run - its there in the config.
Did a sh int ip brief - unassigned to the interface!
* In fact, none of the interface are able to hold any static ip address. DHCP gives a weird ip 80.X.X.X
ip address 192.168.1.10 255.255.255.0
I have the same problem as this guy (link below) - but no answers so far.
I've got a freshly formatted Cisco PIX 515E firewall that I am trying to configure with the proper boot image. When it boots, I can escape into the monitor mode, set the IP address, and download the boot image (pix804.bin) from the TFTP server. I can then boot into the firewall. However, that's as far as I can get.
My next step has been to try to configure the IP address of the appropriate interface and download the image from the TFTP server again in regular console mode so that it can be saved to flash. However, when I attempt to configure the exact same interface with the exact same IP as I used in the monitor mode, I get no network connectivity. I cannot reach the TFTP server, and any ping attempts return "No route to host."
Is this a bug on certain PIX 515E?
Anybody care to help?
Solved! Go to Solution.
When you issue "show interface ethernet1" do you see the interface status as
up/up or does it show as down? What is connected to Ethernet1 interface? Can
you set the speed/duplex to auto and see if that helps? Also, if you were
trying to connect the PC directly to Ethernet1 interface, can you try
connecting a Switch/Hub in between and see if that helps.?
Thanks for the reply. Yes... status is up/up. I can see the lights on the E1.
The connection should be ok since it can transfer file from the initial rommon mode.
I am using a switch in between PC and the PIX.
I have also another PIX515, and the connection is all ok, when connected to the same switch.
Previously tried the speed/duplex to auto.... no changes. So now running out of ideas.
Any other thoughts?
Did that... no changes...
here's my output
PIX Version 7.0(4)
enable password 8Ry2YjIyt7RRXU24 encrypted
ip address 10.1.1.10 255.255.255.0
description LOCAL OFFICE LAN
ip address 192.168.100.222 255.255.255.0
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
mtu outside 1500
mtu inside 1500
asdm image flash:/pdm
no asdm history enable
arp timeout 14400
global (outside) 1 10.1.1.15 netmask 255.255.255.240
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
inspect h323 h225
inspect h323 ras
PIX515E# sh int ip brief
Interface IP-Address OK? Method Status Prot
Ethernet0 unassigned YES CONFIG down down
Ethernet1 unassigned YES manual up up
Ethernet2 unassigned YES unset administratively down down
Ethernet3 unassigned YES unset administratively down down
Ethernet4 unassigned YES unset administratively down down
Ethernet5 unassigned YES unset administratively down down
It looks like you were able to get an IP address set and the interface up at this point. What is the IP address of the TFTP server you are trying to connect to? Unless it's in the 192.168.100.x/24 subnet, you'll also need to set a route with the 'route' command:
If the server is in the 192.168.100.x/24 subnet, try pinging it from the ASA and then check the output of 'show arp' to make sure you are getting the correct MAC address for the server.
Hope that helps.
Yes ...its on the same subnet - 192.168.100.3 /24
Its where I am able to TFTP from rommon of the PIX.
But once reboot into 7.04 image, i am unable to assign an ip address to the interface (any interface - i have 6 ethernets).
How to get check ARP when I can even ping?
PIX515E# show interface inside stats
Interface Ethernet1 "inside", is up, line protocol is up
Hardware is i82559, BW 100 Mbps
Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
Description: LOCAL OFFICE LAN
MAC address 0013.60c1.fd23, MTU 1500
IP address unassigned
3226 packets input, 310398 bytes, 0 no buffer
Received 3251 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/2)
output queue (curr/max blocks): hardware (0/0) software (0/0)
Traffic Statistics for "inside":
3165 packets input, 257820 bytes
0 packets output, 0 bytes
2833 packets dropped
PIX515E# show arp statistics
Number of ARP entries in PIX: 0
Dropped blocks in ARP: 0
Maximum Queued blocks: 0
Queued blocks: 0
Interface collision ARPs Received: 0
ARP-defense Gratuitous ARPS sent: 0
Total ARP retries: 0
Unresolved hosts: 0
Maximum Unresolved hosts: 0
Thanks..... but still no idea what to do
Maybe i will try to boot to a higher pix(7.22)
Can you try the following set of commands?
Step 1: Convert the firewall to transparent mode
Step 2: Convert the firewall back to routed mode
no firewall transparent
Hope this fixes the issue. If it still does not, please upgrade the code to
7.2(x) in the ROMMON mode and see if that helps.
I didn't noticed it booted into Standby state.
So i applied FAILOVER.... and the ip address was there.
Thanks for the help!!! Cheers.