While trying to upgrade, I received a timeout error using the copy TFTP command. I am unable to ping any internal host on the LAN from the PIX and cannot ping from any internal host to the PIX. All internal hosts still get internet access. Attached is the config file of the PIX. Any help is greatly appreciated!
I believe you have two question which you want the answers for.
Q1. you cannot upgrade to 7.2.2 from 6.3.4, you get timeout error.
A1. Which tftp are you using? you can use solarwind TFTP server, it is very easy to use. also which ever TFTP you have, check if it is allowed to transmit as well as recevie usually by default TFTP server are only set to recevie.
Q2. You cannot PING from PIX or to PIX from LAN
A2. by default PIX deny all icmp traffic, therefore you can allow this by using correct ACL on your inside interface e.g
//to allow icmp on PIX inside interface
access-list acl_in permit icmp any any unreachable
access-list acl_in permit icmp any any time-exceeded
as for the icmp, do you think it's possible to connect to PIX using cross cable with a laptop and ping, as i don't know what sort of configuration you have on your HP switch. This would really eliminate the question of doubt.
Hi, I saw ur configuration. I suggest u to remove this command & check:- ip verify reverse-path interface inside
I hope after removing it u wud b able to ping. Regarding upgradation of Firewall OS from 6.x to 7.2, First update to 7.0 then go for 7.2.2. Before upgrading to 7.0 check the memory of ur firewall. U need atleast 128 Mb RAM if u hv UR license, & 64 MB if u have R license.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :