Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
468
Views
0
Helpful
4
Replies

Upgrading Pix 525 -- HELP!

wsitu
Level 1
Level 1

‎02-07-2003 05:39 PM - edited ‎02-20-2020 10:33 PM

I have a Pix 525 running 5.2(5) code in production. We purchased another 525 with failover license only, to create a failover set. The problem is that this pix is running 6.1(2) code. I don't believe I can configure them in failover mode unless they have the same ios code. The goals are to upgrade both Pix to 6.1(4) code and configure them in stateful failover mode. I've read the upgrading pix white paper. It seems that my logical procedures would either down grade new pix to 5.2(5) code and set up failover first. Then upgrade them to 6.1(4). Or upgrade production Pix to 6.1(2), and connect the failover pix. Ensure failover is operational, then upgrade both to 6.1(4). Can someone please let me know what is the correct procedure?

0 Helpful
4 Replies 4

jeff.k
Level 1
Level 1

‎02-08-2003 08:54 AM

1. I'd recommend 6.2(2).

2. Upgrade primary pix to 6.2(2). If necessary for your comfort level, let it run for a little while to assure yourself of its stability (I'd definitely recommend it over 6.1(x)

3. With the secondary off of the network, upgrade it to 6.2(2).

4. Then configure the primary for stateful failover IAW with the previously mentioned doc.

5. When the opportunity permits, test failover so you're convinced of how well it will work when you need it (better to schedule a short outage period then to have an unplanned one because you didn't have it configured the way you meant).

HTH

Jeff

0 Helpful

wsitu
Level 1
Level 1
In response to jeff.k

‎02-09-2003 12:31 AM

Jeff,

Thanks for your feedback. Just curious why would you recommend 6.2(2) over 6.1(4) GD code? And also which upgrade path would you suggest?

0 Helpful

gfullage
Cisco Employee
Cisco Employee
In response to wsitu

‎02-10-2003 05:41 PM

Not sure on Jeff's reasonings for suggesting 6.2(2), but I agree with him. My reasonings are later code in the PIX is always (alright, generally) more reliable than older code, specifically as we fix bugs. 6.2(1) did have some bugs, but 6.2(2) is pretty stable now. Later code in routers is not always the best thing to go with, but with the PIX I always suggest the latest code.

As for the upgrade path, I think Jeff outlined it pretty well. Upgrade the primary straight to 6.2(2) and let it run for a while. Upgrade the failover off-line at any time. At some point in the future, connect them together.

You should be able to go from 5.2 to 6.2 directly, but if you're really concerned you could go 5.2 -> 6.1 -> 6.2.

0 Helpful

wsitu
Level 1
Level 1
In response to gfullage

‎02-11-2003 01:00 AM

Thank you very much for your help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card