Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX515 Console Access & IOS Upgrade

Hello everybody,

i'm new into the whole PIX thing, so i'm sorry if my question seems to be "easy". :-)

I was looking at the config of a PIX where i need to do a upgrade of the IOS and the ASDM via CLI. If i compare it to a router, where i know what i'm doing, it seems to be quite different.

On a router i would get access via the console, get connection to a TFTP server that i'm connection to the LAN interface and start the upgrade via "copy tftp flash".

In regards of the PIX i have now a few question marks?

How do i get console access, do i need to configure something in order to get it granted?

Can i also simply plug a PC to the inside interface and start the TFTP session or is there usually something blocking it?

Thanks a lot in advance,



Re: PIX515 Console Access & IOS Upgrade

You can get console access to PIX exactly the same way as you do on a router. Similarly, you need to connect the TFTP server to one of the interfaces and use the "copy tftp flash" command

to pick the image from the tftp server.

If you dont have sufficient space in flash, you may have to delete some files to accomodate the files you need to copy.

Thereafter, once you have the PIX OS and ASDM images on flash, you need to specify these images to be used for operation.

boot system flash:/

asdm image flash:/

Hope this helps.



New Member

Re: PIX515 Console Access & IOS Upgrade

Hi Vibhor,

yes it helps. Thanks.

I was just wondering because in the PIX config, there was nothing specified like on a router, e.g.:

console 0

login local


console 0


password xyz

In addition, do i have to put in the command "security-level 0" on the inside interface in order to allow the TFTP traffic or is this not influenced by it at all?

Thanks again,



Re: PIX515 Console Access & IOS Upgrade

You dont need to specify security-level 0 command on inside interface. By default, inside interface will have security-level of 100. You do need security-level on the interface though to have it enabled.

However, the security-level does not influence communication with TFTP server on the same interface.

Hope that helps.