cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
468
Views
0
Helpful
3
Replies

Upgrade of PIX 6.3 to 7.0

o.oresotu
Level 1
Level 1

Hi,

After successfully upgrading my PIX 515e with failover unit from 6.3 to 7.0 (upgrade and testing done separately for each unit),and powering up the failover after the primary unit has been up, i discovered that the failover was not working as all interfaces were waiting. So on removing the failover unit and poering it up separately with console cable, it was continuous rebooting and hence could not boot. What can i do to put back the image and failover?.

3 Replies 3

a.kiprawih
Level 7
Level 7

Hi,

You can do image recovery to re-install the image back to your PIX.

BTW, there are a few reasons why PIX continuously to reboot, e.g insufficient flash/memory or running on wrong image file. Perform image recovery, as shown in the following url:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_password_recovery09186a008009478b.shtml

Look for procedure under "PIX Without a Floppy Drive". Even though the procedure is for password recovery, you can also use ot for image recovery by changing the image file name to PIX image file.

Basically, you need a pc/workstation with TFTP service to enable PIX to download (via tftp) the image back to into the flash.

First, you need to get access to your PIX console. Connect your pc/laptop to PIX via console cable, and have your hyperterminal or any similar tool like SecureCRT ready .Power-up the pix, and immediately do 'control-break' to go to rommon mode. Select the interface to be used to download the image, configure temporary IP Addresses to use and start the image download processes. Example:

>interface 0 --> select interface to use

>address 10.21.1.99 --> assign temp address for PIX

>server 172.18.125.3 --> specify tftp server/pc ip address

>file --> specify the PIX 6.x image file

>gateway 10.21.1.1 --> gateway to be used by PIX & TFTP server. Leave empty if you connect PIX direct to TFTP server via cross-over cable

>ping 172.18.125.3 --> test ping to ensure PIX can reach TFTP server

>tftp --> start the image download process

Make sure the correct PIX image file & PDM file are already in your TFTP directory. You can load image v6.3 before proceed with ver 7.x upgrade. Do it as a standalone process if your Primary/Active PIX is already running on Pix 7.x image. Once your Failover unit is fully recovered, upgrade it to Pix 7.x.

To copy pdm image from CLI, use "copy tftp flash:pdm". Same goes to ASDM image once you already load Pix 7.x.

Cisco TAC did provide method to do image upgrade when your PIX Firewalls are in active/standby mode.

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_guide_chapter09186a0080450b92.html#wp1053398

Rgds,

AK

Hi,

the image recovery to v6.3 was sucessful but the PIX still reboots continuously. The RAM is 128MB and the flash is 16MB. What can i do next?.

Thanks. i'm okay now. I had to use the v7.0 image with the procedure for the image recovery. I think this is cos the software upgrade was successful before the image got corrupted.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: