After successfully upgrading my PIX 515e with failover unit from 6.3 to 7.0 (upgrade and testing done separately for each unit),and powering up the failover after the primary unit has been up, i discovered that the failover was not working as all interfaces were waiting. So on removing the failover unit and poering it up separately with console cable, it was continuous rebooting and hence could not boot. What can i do to put back the image and failover?.
Look for procedure under "PIX Without a Floppy Drive". Even though the procedure is for password recovery, you can also use ot for image recovery by changing the image file name to PIX image file.
Basically, you need a pc/workstation with TFTP service to enable PIX to download (via tftp) the image back to into the flash.
First, you need to get access to your PIX console. Connect your pc/laptop to PIX via console cable, and have your hyperterminal or any similar tool like SecureCRT ready .Power-up the pix, and immediately do 'control-break' to go to rommon mode. Select the interface to be used to download the image, configure temporary IP Addresses to use and start the image download processes. Example:
>interface 0 --> select interface to use
>address 10.21.1.99 --> assign temp address for PIX
>server 172.18.125.3 --> specify tftp server/pc ip address
>file --> specify the PIX 6.x image file
>gateway 10.21.1.1 --> gateway to be used by PIX & TFTP server. Leave empty if you connect PIX direct to TFTP server via cross-over cable
>ping 172.18.125.3 --> test ping to ensure PIX can reach TFTP server
>tftp --> start the image download process
Make sure the correct PIX image file & PDM file are already in your TFTP directory. You can load image v6.3 before proceed with ver 7.x upgrade. Do it as a standalone process if your Primary/Active PIX is already running on Pix 7.x image. Once your Failover unit is fully recovered, upgrade it to Pix 7.x.
To copy pdm image from CLI, use "copy tftp flash:pdm". Same goes to ASDM image once you already load Pix 7.x.
Cisco TAC did provide method to do image upgrade when your PIX Firewalls are in active/standby mode.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :