
Upgrading the PIX OS

Feb 19,2010 by alperen


If the PIX Firewall unit is currently running OS version 5.1.1 or later and has a DES or 3DES activation key, use the copy tftp flash command to download the latest software image from a TFTP server. The copy tftp flash process is virtually identical to the typical method for upgrading the IOS on a Cisco router. The PIX Firewall uses the new image on the next reload (reboot).

Regardless of the upgrade method, the latest PIX OS can be downloaded from the PIX Software Download page on the www.cisco.com site. A CCO account is necessary to get to this site. If necessary, Cisco TFTP Server software can be downloaded from this same site. The PIX images have names like pix622.bin.

Use the following steps to upgrade the PIX unit using the copy tftp flash command.

  1. Make sure the TFTP server is running and the appropriate PIX Firewall binary image (pixnnn.bin) file was copied to the folder TFTP uses as its source.

  2. Confirm connectivity between the PIX unit and the TFTP server by pinging the server from the PIX Privilege mode prompt.

  3. At the PIX Privilege mode prompt, type the copy tftp flash command.

  4. Type the TFTP server IP address when prompted for the remote host.

  5. Type the PIX binary filename when prompted for the source filename.

  6. Type yes to confirm the process.

The screen output should look something like this:

Pix# copy tftp flash
Address or name of remote host [127.0.0.1]? 192.168.1.10
Source file name [cdisk]? pix622.bin
copying tftp://192.168.1.10/pix622.bin to flash:image
[yes|no|again]?yes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!
Received 1658880 bytes.
Erasing current image.
Writing 1540152 bytes of image.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Image installed.
Pix#

Note 

While this, undoubtedly, was a temporary problem, I couldn’t get these instructions by searching from the www.cisco.com site. Only the older instructions appeared (see the next section). Going to the Cisco TAC site www.cisco.com/tac did locate the latest PIX upgrade document. The point is this: don’t forget that site as an additional resource for Cisco technologies.

Older Upgrade Methods

If the PIX Firewall unit is currently running an OS version earlier than 5.1.1 or doesn’t have a DES or a 3DES activation key (requiring a new activation key), it will be necessary to use a method virtually identical to the password recovery process.

PIX Units Without a Floppy Drive

Use exactly the same steps as the password recovery, except use the PIX binary image file, such as pix622.bin, as the source filename. In this process, you type a series of one-word commands, followed by an IP address or filename.

  1. Start a console session with the PIX unit console port.

  2. Make sure the TFTP server is running and the appropriate PIX Firewall binary image (pixnnn.bin) file was copied to the folder TFTP uses as its source.

  3. Power on the PIX Firewall and, as soon as the startup messages appear, send a BREAK character or press the ESC key. For Windows HyperTerminal, use CTRL+BREAK. You might have to do this several times. The monitor> prompt will indicate success.

  4. Make the following entries, pressing ENTER after each. The command is repeated or responded to on the next line.

    After the image downloads, when you’re prompted to install the new image, type y to install the image in Flash. When you’re prompted to enter a new activation key, type y if you want to enter a new activation key, or type n to keep the existing key.

    monitor> interface 1                            (PIX interface to TFTP)
    0: i8255X @ PCI(bus:0 dev:14 irq:10)
    1: i8255X @ PCI(bus:0 dev:13 irq:11)
    Using 1: i82557 @ PCI(bus:0 dev:13 irq:11), MAC: 0002.b945.a23c
    monitor> address 192.168.1.1                    (PIX interface address)
    address 192.168.1.1
    monitor> server 192.168.1.10                    (TFTP server address)
    server 192.168.1.10
    monitor> file pix622.bin                        (PIX image name)
    file pix622.bin
    monitor> ping 192.168.1.10                      (Test connectivity to TFTP)
    Sending 5, 100-byte 0xcde2 ICMP Echoes to 192.168.1.10, timeout is 4 seconds:
    !!!!!
    Success rate is 100 percent (5/5)
    monitor> tftp                                   (execute the TFTP copy)
    tftp pix622.bin@192.168.1.10.........................................
    Received 1658880 bytes
    Cisco Secure PIX Firewall admin loader (3.0) #0: Tue Dec 7:35:46 PST 2002
    Flash=i28F640J5 @ 0x300
    BIOS Flash=AT29C257 @ 0xfffd8000
    Flash version 6.2.2, Install version 6.2.2

    Do you wish to copy the install image into flash? [n] y
    Installing to flash
    Serial Number: 480380761 (0x1ca20759)
    Activation Key: 760754d0 39f62229 a4a0245f b5b87e80

    Do you want to enter a new activation key? [n] n
    Writing 1540152 bytes image into flash...
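
TFTP has no authentication or integrity protection, so after either procedure it is worth confirming that the session pulled the intended file from the intended server and that the received byte count matches the staged image. The following is an added example, not part of the original article: it parses both transcript styles shown above. The function names and the `staged_size` input are assumptions, and the sample transcripts are abridged copies of the ones on this page.

```python
import re

# Abridged copies of the two transcripts on this page (progress marks trimmed).
COPY_TFTP = """Pix# copy tftp flash
Address or name of remote host [127.0.0.1]? 192.168.1.10
Source file name [cdisk]? pix622.bin
copying tftp://192.168.1.10/pix622.bin to flash:image
[yes|no|again]?yes
Received 1658880 bytes.
Erasing current image.
Writing 1540152 bytes of image.
Image installed.
Pix#"""
MONITOR = """monitor> server 192.168.1.10
monitor> file pix622.bin
tftp pix622.bin@192.168.1.10.........
Received 1658880 bytes
Do you wish to copy the install image into flash? [n] y
Writing 1540152 bytes image into flash..."""

def parse_transcript(text):
    """Extract server, file name and byte counts from either transcript style."""
    src = (re.search(r"tftp://(?P<server>[\d.]+)/(?P<file>\S+)", text)
           or re.search(r"^\s*tftp (?P<file>[^@\s]+)@(?P<server>\d+(?:\.\d+){3})", text, re.M))
    rx = re.search(r"Received (\d+) bytes", text)
    wr = re.search(r"Writing (\d+) bytes", text)
    return {
        "server": src.group("server") if src else None,
        "file": src.group("file") if src else None,
        "received": int(rx.group(1)) if rx else None,
        "written": int(wr.group(1)) if wr else None,
    }

def audit(text, expected_server, expected_file, staged_size):
    """Return a list of mismatches between the session and what was staged."""
    # staged_size (assumed input): size in bytes of the image in the TFTP root.
    got = parse_transcript(text)
    problems = []
    if got["server"] != expected_server:
        problems.append(f"image came from {got['server']}, not {expected_server}")
    if got["file"] != expected_file:
        problems.append(f"file {got['file']} was requested, not {expected_file}")
    if got["received"] != staged_size:
        problems.append(f"received {got['received']} bytes, staged file is {staged_size}")
    if got["written"] is None:
        problems.append("no flash write was logged")
    return problems
```

In the sample output the written size is smaller than the received size, so the check compares only the received count against the staged file and just records the written count.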

PIX Units with a Floppy Drive

For PIX Classic, 10000, 510, and 520, only two reasons exist to upgrade using a bootable floppy disk:

  • The current PIX Software OS version is earlier than 5.1.1.

  • The current PIX Software OS version is earlier than 6.1 and the activation key doesn’t support DES or 3DES.

Use the following steps to create a bootable floppy disk in Windows.

  1. Go to the PIX Software Download page on the www.cisco.com site and download the rawrite.exe utility, the PIX binary image (pixnnn.bin), and the boothelper (bhnn.bin) binary file that matches the upgrade version. For an upgrade to 6.1(1), the three files would be rawrite.exe, pix611.bin, and bh61.bin.

  2. Place a blank 3.5” floppy disk in the computer floppy drive and run rawrite.exe. When prompted, type the name of the file you want written to the floppy disk. If upgrading to PIX versions 5.1 or earlier, type the PIX image itself (pixnnn.bin); for upgrading to PIX versions 5.2 or later, type the PIX boothelper file (bhnn.bin). The following output shows the boothelper results:

    C:\>rawrite
    RaWrite 1.2 - Write disk file to raw floppy diskette
    Enter source file name: bh61.bin
    Enter destination drive: a:
    Please insert a formatted diskette into drive A: and press -ENTER- :
    Number of sectors per track for this disk is 18.
    Writing image to drive A:. Press ^C to abort.
    Track: 11 Head: 1 Sector: 16
    Done.
    C:\>

  3. Insert the 3.5” floppy disk just created in the PIX Firewall diskette drive and reboot or power up the PIX.

  4. If upgrading to PIX 5.1 or earlier, remove the floppy disk from the PIX drive and reboot the PIX. The new image is loaded.

  5. If upgrading to PIX 5.2 or later with the boothelper program on the floppy, the PIX will come up in boothelper mode or Monitor mode. To complete the upgrade, follow the steps for PIX units without a floppy drive in the previous section.

