Hot Downloads



The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC: Newb' Problems Upgrading 535 to 7.0(4)

Newb' Problems Upgrading 535 to 7.0(4) 13 years 2 months ago #14635


I've started working for a new company, and they've asked me to upgrade a spare Pix 535 to the latest version of software. It's not something I've done before and I'm having trouble. The unit only has a failover license (FO), but to the best of everyone's knowledge has never even been connected to the main firewall, let alone the network.

So, I've left the failover cable disconnected, and booted the router into monitor mode, configured the interface/tftp server settings, and TFTP'd the software image across with no problems. When the router reloads with the new image, I'm not able to connect to the TFTP server on my laptop to copy the image into flash. Initially, I got an error about there being no route, so I configured one, but even then, I'm not able to even ping the laptop when it's directly connected. Can anyone see anything wrong with this config (below), or suggest where I might be going wrong? There should be no gateway needed, as the laptop running the TFTP server is directly connected on ethernet0, but I have to specify one for the route - is the IP of the interface the correct address to be using, or should it be the next hop "device" - which in this case is actually the laptop?

Pix Version 7.0(4)
hostname pixfirewall
domain-name xxxxxxxxxxxxxxxxxxxxx
enable password xxxxxxxxxxxxxx encrypted
interface GigabitEthernet0
no nameif
no security-level
no ip address
interface GigabitEthernet1
no nameif
no security-level
no ip address
interface Ethernet0
nameif inside
security-level 100
ip address
interface Ethernet1
no nameif
no security-level
no ip address
passwd xxxxxxxx encrypted
ftp mode passive
pager lines 24
mtu inside 1500
mtu outside 1500
no failover
no asdm history enable
route inside 1
! timeout and snmp lines removed here
telnet timeout 5
ssh timeout 5
console timeout 5
Cryptochecksum: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
: end

Any help you could give is very much appreciated.

Re: Newb' Problems Upgrading 535 to 7.0(4) 13 years 2 months ago #14644

A failover licensed Pix won't work without its Unrestricted licensed partner. You will be able to upgrade the PixOS, but that is it.

This is how cisco prevents people from trying to save a few bucks by redeploying a FO pix somewhere else. The only way to use this Pix is to pay for an upgrade to the Unrestricted license. Then you could move this pix into the mix, upgrade the other and run active/active, or set aside some downtime, upgrade the other pix to the same PixOS version, plug in the failover cables and run in active/standby mode.
  • Page:
  • 1
Time to create page: 0.095 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup