Newb' Problems Upgrading 535 to 7.0(4)
18 years 6 months ago #14635
by funkymrmagic
Hi,
I've started working for a new company, and they've asked me to upgrade a spare Pix 535 to the latest version of software. It's not something I've done before and I'm having trouble. The unit only has a failover license (FO), but to the best of everyone's knowledge has never even been connected to the main firewall, let alone the network.
So, I've left the failover cable disconnected, and booted the router into monitor mode, configured the interface/tftp server settings, and TFTP'd the software image across with no problems. When the router reloads with the new image, I'm not able to connect to the TFTP server on my laptop to copy the image into flash. Initially, I got an error about there being no route, so I configured one, but even then, I'm not able to even ping the laptop when it's directly connected. Can anyone see anything wrong with this config (below), or suggest where I might be going wrong? There should be no gateway needed, as the laptop running the TFTP server is directly connected on ethernet0, but I have to specify one for the route - is the IP of the interface the correct address to be using, or should it be the next hop "device" - which in this case is actually the laptop?
Pix Version 7.0(4)
!
hostname pixfirewall
domain-name xxxxxxxxxxxxxxxxxxxxx
enable password xxxxxxxxxxxxxx encrypted
!
interface GigabitEthernet0
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1
 no nameif
 no security-level
 no ip address
!
interface Ethernet0
 nameif inside
 security-level 100
 ip address 20.0.0.20 255.255.255.0
!
interface Ethernet1
 no nameif
 no security-level
 no ip address
!
passwd xxxxxxxx encrypted
ftp mode passive
pager lines 24
mtu inside 1500
mtu outside 1500
no failover
no asdm history enable
route inside 0.0.0.0 0.0.0.0 20.0.0.20 1
!
! timeout and snmp lines removed here
!
telnet timeout 5
ssh timeout 5
console timeout 5
Cryptochecksum: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
: end
Any help you could give is very much appreciated.
18 years 6 months ago #14644
by d_jabsd
Replied by d_jabsd on topic Re: Newb' Problems Upgrading 535 to 7.0(4)
A failover licensed Pix won't work without its Unrestricted licensed partner. You will be able to upgrade the PixOS, but that is it.
This is how Cisco prevents people from trying to save a few bucks by redeploying a FO Pix somewhere else. The only way to use this Pix is to pay for an upgrade to the Unrestricted license. Then you could move this Pix into the mix, upgrade the other and run active/active, or set aside some downtime, upgrade the other Pix to the same PixOS version, plug in the failover cables and run in active/standby mode.