Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 515E SW Upgrade on Standby unit

I have purchase 2 515E's in failover bundle. They are configured with v6.1 and I want to upgrade them to v6.2 so that I can run standby over the LAN instead of failover cable.

I have upgraded the software on the active PIX and I cannot upgrade the SW on the standby unit. Firstly it wont allow me to get into privilaged mode (not connected to a failver partner yet).

I tried upgrading via Monitor mode but that starts and then constantly timesout on the tftp server. The IP address on the pix is in the same subnet as the tftp server and I can ping the server from the pix but not the other way around.

Any ideas on how to do this?

3 REPLIES
Cisco Employee

Re: PIX 515E SW Upgrade on Standby unit

The instructions for this are all here:

http://www.cisco.com/warp/public/110/upgrade.shtml

Make sure you're following them to the letter. Take note of the "interface" command once in monitor mode, this is the interface (defaults to inside) that the PIX will try and contact the TFTP server.

New Member

Re: PIX 515E SW Upgrade on Standby unit

I've followed those directions and still not working. I have tried using 2 different tftp servers. Here is the console info from the pix.

monitor> address

address 53.254.166.201

monitor> file

file pix622.bin

monitor> gateway

gateway 53.254.166.1

monitor> interface 1

0: i8255X @ PCI(bus:0 dev:14 irq:10)

1: i8255X @ PCI(bus:0 dev:13 irq:11)

2: i8255X @ PCI(bus:0 dev:19 irq:5 )

Using 1: i82557 @ PCI(bus:0 dev:13 irq:11), MAC: 000b.5fe2.4268

monitor> server

server 53.254.166.102

monitor> ping 53.254.166.102

Sending 5, 100-byte 0x7cee ICMP Echoes to 53.254.166.102, timeout is 4 seconds:

!!!!!

Success rate is 100 percent (5/5)

monitor> tftp

tftp pix622.bin@53.254.166.102 via 53.254.166.1.................................

................................................................................

................................................................................

................................................................................

................................................... (I eventually pressed Ctrl-Break here)

TFTP failed (return:-12 arg:0x0)

monitor>

TFTP Server error message:

3/18/2003 11:23 :Timeout error sending pix622.bin to 53.254.166.201, 0 bytes

3/18/2003 11:23 :Timeout error sending pix622.bin to 53.254.166.201, 0 bytes

3/18/2003 11:23 :Timeout error sending pix622.bin to 53.254.166.201, 0 bytes

3/18/2003 11:23 :Timeout error sending pix622.bin to 53.254.166.201, 0 bytes

3/18/2003 11:23 :Timeout error sending pix622.bin to 53.254.166.201, 0 bytes

Cisco Employee

Re: PIX 515E SW Upgrade on Standby unit

It certainly seems like the two can't talk TFTP to each other, altohugh it looks like the packet from the PIX to the server is getting there, maybe not in the other direction though. Check your internal network in between the PIX and router and make sure there's no ACL's anywhere that'll be blocking TFTP traffic.

Just to check, this is on your inside network, right? The IP addresses you have seem ot be valid global ones, not private, so just want to be sure. If the TFTP server is on the outside interface, then you need to specify "interface 2" instead of "interface 1".

114
Views
0
Helpful
3
Replies
CreatePlease login to create content