I have a single UR PIX 515e running 6.3.3 in production. I'm adding a FO PIX 515e but it's running 6.3.1. I tried to add an IP address to the new FO PIX, it accepted the configuration and the inside interface got a link with my laptop. But TFTP and ICMP traffic would not pass to the PIX. How do I upgrade the FO PIX to 6.3.3 without the UR PIX.
You don't need to have the FO pix plugged into the UR just to upgrade the software. Without the failover cable attached, the FO will "randomly" reboot itself to prevent it being used alone. (message can be seen at boot time on the console) This won't affect you're upgrade process.
Simply plug a crossover cable on the inside interface to your laptop, assign an IP, and ping your laptop to test. By default, the Pix accepts ping request/replies. Once you can ping successfully, use tftp to pull the image on.
The FO PIX's inside interface was enabled and up/up. I couldn't ping from the FO PIX or the Laptop. Remember the FO PIX was never connected to a UR PIX to get a configuration. Can the FO PIX configuration work (meaning pass traffic) without ever being connected to a UR PIX?
Yes. The FO can operate solo but will reboot itself at random intervals to avoid licensing abuse. Otherwise, you wouldn't be able to replace the UR when it fails.
Just for fun, try connecting the secondary end of the cable to the FO without it being connected on the UR. The Pix can tell when the cable is connected even if nothing is on the other end. This simulates the scenario where the UR dies and is removed for replacement.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :