My question is how to upgrade software on PIXes running as EZVPN clients in a remote location/office. These locations usually have no server for TFTP or HTTP/S. With the management-access command these protocols are not supported.
Let me see if I understand your problem. I think what you want to do is upgrade a PIX from another location via the outside interface. This is not possible, because you cannot telnet to the outside interface; only when using a VPN client is it possible to telnet (via the VPN tunnel) to the outside interface of the PIX.
Problem is that if you start an upgrade with the command:
copy tftp flash:image
this will not work, because the PIX terminates all security associations during this upgrade, and this results in losing your connection with the PIX. I have tried it once, and ended up driving to the remote location with my laptop in the back of the car :-(
So, what you want to achieve is not possible at this moment. However, in one of the recent threads on this forum, there has been a discussion about the default behavior of the PIX, especially about the limitation that you cannot telnet to the outside interface (without a VPN tunnel).
The Cisco engineer involved in this discussion has done a feature request for this one, so, maybe with the next major release update it will be possible (but you would have to go to the location to install this new image first, so, it does not solve your problem for now).
Question: is there no Cisco switch or router in place at this location which has enough flash space available? Because maybe you can use this one as a TFTP server. But it's just an idea :-)