Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

MD5 Hash for PIX515 IOS does not match verify

I recently upgraded our PIX515 firewall from Version 7.2.2 to 7.2.4 and I wanted to verify the MD5 hash for the downloaded IOS. However the hash generated on the PIX using the verify command does not match the hash published on the cisco download website. Published hash is f2f6b88ea1b4a0b33045b3b18d0fb852, generated hash is fdcd....   . I checked the 7.2.2 MD5 on a firewall I haven't upgraded yet and that doesn't match either. Am I missing something ?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: MD5 Hash for PIX515 IOS does not match verify

OK, so you downloaded an interim release - 7.2.4(30), instead of the main release of 7.2.4.

The checksum for 7.2.4(30) is correct and matches what you advised earlier: fdcd3a9d884baf0ec0aad78048f0e441

You can check it out from here:

http://www.cisco.com/cgi-bin/Software/Tablebuild/doftp.pl?ftpfile=cisco/internal/special/ciscosecure/pix/pix724-30.bin&app=Tablebuild&status=showC2A

Hope that clarifies the confusion.

7 REPLIES
Cisco Employee

Re: MD5 Hash for PIX515 IOS does not match verify

Make sure that you have downloaded the complete file from cisco.com, and also uploaded the complete image file to the PIX firewall.

Double check if the file size is the same, according to cisco.com download site, PIX 7.2.4 is 8515584 bytes.

New Member

Re: MD5 Hash for PIX515 IOS does not match verify

The size reported on the device is 8589312 and the file is listed as pix724-30.bin rather than image.bin (as previously when 7.2.2 was loaded - this was upgrade from version 6).  I loaded it using putty pscp.  On reload the firewall comes up with the new IOS and appears to work OK.  Hmmmmmm???

Cisco Employee

Re: MD5 Hash for PIX515 IOS does not match verify

OK, so you downloaded an interim release - 7.2.4(30), instead of the main release of 7.2.4.

The checksum for 7.2.4(30) is correct and matches what you advised earlier: fdcd3a9d884baf0ec0aad78048f0e441

You can check it out from here:

http://www.cisco.com/cgi-bin/Software/Tablebuild/doftp.pl?ftpfile=cisco/internal/special/ciscosecure/pix/pix724-30.bin&app=Tablebuild&status=showC2A

Hope that clarifies the confusion.

New Member

Re: MD5 Hash for PIX515 IOS does not match verify

Many thanks for your help, I just realised the same - the IOS was upgraded on the back of a security vulnerability (http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml) which recommended 7.2.4(30) and contained a link to a place to download it from. This version doesn't appear to be available via the cisco.com - support - security - download IOS etc route.

Our patch documentation was put together, mistakenly, using the the checksum taken from the cisco.com support page for version 7.2.4

Again many thanks for your help.

Francis

New Member

Re: MD5 Hash for PIX515 IOS does not match verify

I just found the interim release page ... and I noticed the caveat on interim releases

"Important:  These images were not fully regression tested.  Each individual fix was unit tested, and the image has had a limited amount of automated regression testing to confirm a baseline of functionality.  Keep this testing status in mind if you decide to run them in a production environment.  We strongly encourage you to upgrade to a fully tested Maintenance or Feature release when it becomes available."

We plan to run this in a production environment.  Couple of questions, would you recommend this and do you know when a fully tested Maintenance or Feature releasewill be made available.

Thanks

Francis

Cisco Employee

Re: MD5 Hash for PIX515 IOS does not match verify

Should not be a problem as it is recommended due to the vulnerabilities.

Or, you can wait for 7.2.5 which should be out in a couple of months.

New Member

Re: MD5 Hash for PIX515 IOS does not match verify

Any news on the 7.2.5 release?

595
Views
0
Helpful
7
Replies
CreatePlease to create content