Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
410
Views
4
Helpful
3
Replies

PIX515 Console Access & IOS Upgrade

andreas.schnell
Level 1
Level 1

‎07-10-2007 06:36 AM - edited ‎03-11-2019 03:42 AM

Hello everybody,

i'm new into the whole PIX thing, so i'm sorry if my question seems to be "easy". :-)

I was looking at the config of a PIX where i need to do a upgrade of the IOS and the ASDM via CLI. If i compare it to a router, where i know what i'm doing, it seems to be quite different.

On a router i would get access via the console, get connection to a TFTP server that i'm connection to the LAN interface and start the upgrade via "copy tftp flash".

In regards of the PIX i have now a few question marks?

How do i get console access, do i need to configure something in order to get it granted?

Can i also simply plug a PC to the inside interface and start the TFTP session or is there usually something blocking it?

Thanks a lot in advance,

Andy

Labels:
0 Helpful
3 Replies 3

vitripat
Level 7
Level 7

‎07-10-2007 08:20 AM

You can get console access to PIX exactly the same way as you do on a router. Similarly, you need to connect the TFTP server to one of the interfaces and use the "copy tftp flash" command

to pick the image from the tftp server.

If you dont have sufficient space in flash, you may have to delete some files to accomodate the files you need to copy.

Thereafter, once you have the PIX OS and ASDM images on flash, you need to specify these images to be used for operation.

boot system flash:/

asdm image flash:/

Hope this helps.

Regards,

Vibhor.

andreas.schnell
Level 1
Level 1
In response to vitripat

‎07-10-2007 09:54 AM

Hi Vibhor,

yes it helps. Thanks.

I was just wondering because in the PIX config, there was nothing specified like on a router, e.g.:

console 0

login local

or

console 0

login

password xyz

In addition, do i have to put in the command "security-level 0" on the inside interface in order to allow the TFTP traffic or is this not influenced by it at all?

Thanks again,

Andy

0 Helpful

vitripat
Level 7
Level 7
In response to andreas.schnell

‎07-10-2007 10:54 AM

You dont need to specify security-level 0 command on inside interface. By default, inside interface will have security-level of 100. You do need security-level on the interface though to have it enabled.

However, the security-level does not influence communication with TFTP server on the same interface.

Hope that helps.

Regards,

Vibhor.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card