02-01-2007 04:51 AM - edited 03-11-2019 02:27 AM
I have a pair of 515e devices configured in failover. The system has been working fine, however I tried to upgrade from 6.3(5) to 7.2(2) using Monitor mode, as I have PDM installed.
The problem is that whenever I enter monitor mode and apply an IP address to the inside interface, I have problems keeping a reliable connection to the TFTP server.
From Montior mode I enter the folowing commands:
Interface 1
Address 192.168.10.10
Server 192.168.10.137
At this point, I try to ping the TFTP server at 192.168.10.137 and my results are varied. Return success rate is typically 20-60%. On a rare attempt I can get 100%.
Since this is a failover configuration, I don't want to enter the IP address for this interface that it would normally use while in service, as this IP is now running on the standby PIX. Normally, I would think that there were some network issues happening, however the same network cable, switch port and switch port settings are in use during the upgrade attempt as are in use during production. Is there something different going on with the network connection in monitor mode vs normal mode? During the upgrade attempt, I noticed that the switch port this interface connects to starts getting Receive Drop errors that don't occur while the device is in production.
TIA,
Ken
02-04-2007 08:17 AM
Hi Ken. You shouldn't upgrading from ROMMON if you have a 515E, only if you have a PIX 515. These models are completely different. I've upgraded several 515e's using the basic uprade procedure. Here's a link that talks about the difference:
Please rate if this helps.
02-04-2007 11:00 AM
hello bthibode,
i have sort of a similar case, except a bit differnet that one of my junior network administrator upgraded our 515E to version 7.0(2) from 6.3(5) not knowning that it was with 32MB and 7 version above requires 64MB. now when ever i try to downgrade it to 6.3(5) version from ROMMON, right after the final stage of downloading the image from TFTP server it fails and keeps rebooting with message something like
"insuffient memory"
now is there any other way of fixing the problem and restoring it back old image.
02-04-2007 11:38 AM
I've got this same issue in my lab right now. The standard answer is RMA the PIX. I've tried quite a few different things and still cannot recover my PIX. Maybe someone else will be able to help you with this specific question. Please rate if my last post helped.
Thanks
02-04-2007 09:27 PM
hello Bryan,
so i guess the only solution i am left with is to put addtional 32MB and boot it and use the downgrade command :(
i which there could be some other less expensive solution and straight forward
02-11-2007 05:45 PM
Hey zulqurnain,
I did the same thing also. All you need to do is get a spare 32MB to upgrade the memory to 64MB for the Pix 7.0(2) to boot. From there you can just run the downgrade. You can then remove the 32MB and your pix would boot fine.
02-06-2007 06:33 AM
Thanks, I had never noticed the distinction between the 515 and 515e in the documentation before. What you posted in the link was the doc that I had used when planning the upgrade. I'll give this a try tomorrow morning and see what happens. Thanks to all for the response.
Ken
02-07-2007 06:17 AM
Thanks! Upgrading in normal mode with a failover configuration was much less confusing and the tftp issue was gone as well.
FYI, for all those who may be having a problem with VPN and NAT translation (packets in being decrypted but then dropped instead of being passed through to the internal host), upgrading from 6.35 to 7.22 resolved the issue.
02-07-2007 04:37 PM
hi!
we're also planning to upgrade a pix v6.3.
Did you have to upgrade from 6.3 to 7.0 first?
then from 7.0 to 7.1? and then 7.1 to 7.2?
I'm reading the Release notes for 7.2 and it seems there's no direct upgrade path from 7.0 to 7.2
I'm using this link as a guide.
1. Guide for Cisco PIX 6.2 and 6.3 Users pgrading to Cisco PIX Software Version 7.0.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/pix_upgd/pixupgrd.pdf
2. Relase notes for 7.2 http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_72/rel_note/pixrn72.pdf
02-07-2007 04:41 PM
You have to upgrade from 6.3 to 7.0. After that you can hop around in 7.x til your heart's content :-)
02-08-2007 06:28 AM
Thanks! very reassuring!
02-08-2007 06:36 AM
That is not correct. I upgradded from 6.3(5) directly to 7.2(2). Previously on another PIX, I upgrade from a 6.2(2) straight to 7.2(2) all with no version issues.
Ken
02-08-2007 07:23 AM
Ken,
I;m glad you've done this once. I do this at least 3 times a week on the TAC. Best practice is to upgrade to 7.0 from 6.3. If you had success using an unsupported method of upgrading, I'm happy for you. Please be aware that this is unsupported so if you would have run into any issues, you might have been on your own. Please don't contradict best practice documents. They are there for a reason.
Thanks,
Bryan
03-08-2007 10:35 AM
Got the upgrade done. Migration of the commands was seamless. i had to remove some commands before upgrade ( e.g. pptp , vpdn, etc). No problem reboooting. Even the VPN Xauth was automatically disabled ( this was said to have been enabled by default)
Upgrade was almost seamless until we ran into a problem with the mail system. we were able to send but were unable to receive. i thought it was due to the esmtp. but could not get it running. we got the TAC involved and the tech told us it was due to the new MSS ( Max Segment Size) feature.
he set up the service policy to allow packets that exceed the MSS.
bing
02-18-2007 11:44 AM
bthidode
I am about to upgrade a 515E with PDM from 6.3 to 7 and can't see any other info that I have to do it via monitor-mode and not basic. Am I missing something here? The link you provided says nothing about 515E and basic, as far as I have a redaing-problem...
Can you explain?
/Fred
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: