Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
663
Views
0
Helpful
4
Replies

Upgrade 515E from 6.3.4 to &7.2.2

rctybk
Level 1
Level 1

‎02-07-2007 08:30 AM - edited ‎03-11-2019 02:30 AM

While trying to upgrade, I received a timeout error using the copy TFTP command. I am unable to ping any internal host on the LAN from the PIX and cannot ping from any internal host to the PIX. All internal hosts still get internet access. Attached is the config file of the PIX. Any help is greatly appreciated!

Labels:
Preview file
4 KB
0 Helpful
4 Replies 4

zulqurnain
Level 3
Level 3

‎02-08-2007 02:04 AM

hello,

I believe you have two question which you want the answers for.

Q1. you cannot upgrade to 7.2.2 from 6.3.4, you get timeout error.

A1. Which tftp are you using? you can use solarwind TFTP server, it is very easy to use. also which ever TFTP you have, check if it is allowed to transmit as well as recevie usually by default TFTP server are only set to recevie.

Q2. You cannot PING from PIX or to PIX from LAN

A2. by default PIX deny all icmp traffic, therefore you can allow this by using correct ACL on your inside interface e.g

//to allow icmp on PIX inside interface

access-list acl_in permit icmp any any unreachable

access-list acl_in permit icmp any any time-exceeded

access-list acl_in permit icmp any any echo-reply

//to apply ACL to inside interface

access-group acl_in in interface inside

HTH, please rate if it do

0 Helpful

rctybk
Level 1
Level 1
In response to zulqurnain

‎02-08-2007 07:17 AM

Thanks for the help, but I still can't ping to or from the inside interface to or from the LAN after applying the ACL.

I use solarwind TFTP server and have updated the pix before and the settings are all correct for send and receive.

I do have a new HP 2824 switch between the PIX and TFTP - I do not know if this could be the problem or not.

Any help is greatly appreciated!

0 Helpful

zulqurnain
Level 3
Level 3
In response to rctybk

‎02-09-2007 02:45 AM

hello,

tell you what, first upgrade to 7 from 6.3, then go for 7.2

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/pix_upgd/pixupgrd.pdf

as for the icmp, do you think it's possible to connect to PIX using cross cable with a laptop and ping, as i don't know what sort of configuration you have on your HP switch. This would really eliminate the question of doubt.

HTH, PRI

0 Helpful

jain.nitin
Level 3
Level 3

‎02-11-2007 04:32 AM

Hi, I saw ur configuration. I suggest u to remove this command & check:- ip verify reverse-path interface inside

I hope after removing it u wud b able to ping. Regarding upgradation of Firewall OS from 6.x to 7.2, First update to 7.0 then go for 7.2.2. Before upgrading to 7.0 check the memory of ur firewall. U need atleast 128 Mb RAM if u hv UR license, & 64 MB if u have R license.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card