04-01-2010 02:22 PM - edited 03-11-2019 10:28 AM
Attached is the log of an upgrade on a PIX 515 from 6.35 to 7.01. As far as I can tell I am following all the required steps but once the upgrade is complete and I reload the system no bootable image can be found. I used the monitor approach (as recommended) to upgrade the unit and once the upgrade was complete I copied over the PIX701.bin image to the flash and performed a wr mem. As this is no longer a supported item then I'm hoping some can point out a step I missed that will make this work.
Thanks,
gb
04-01-2010 02:30 PM
Looks like you did not complete the upgrade - follow the below:-
Complete these steps in order to upgrade your PIX from Monitor Mode.
Note: Fast Ethernet cards in 64-bit slots are not visible in monitor mode. This problem means that the TFTP server cannot reside on one of these interfaces. The user should use the copy tftp flash command in order to download the PIX Firewall image file through TFTP.
Copy the PIX Appliance binary image (for example, pix701.bin) to the root directory of the TFTP server.
Enter Monitor Mode on the PIX. If you are unsure how to do this, see the instructions for how to enter Monitor Mode in this document.
Note: Once in Monitor Mode, you can use the "?" key to see a list of available options.
Enter the interface number that the TFTP server is connected to, or the interface that is closest to the TFTP server. The default is interface 1 (Inside).
monitor>interface
Note: In Monitor Mode, the interface always auto negotiates the speed and duplex. The interface settings cannot be hard coded. Therefore, if the PIX interface is plugged into a switch that is hard coded for speed/duplex, then reconfigure it to auto negotiate while you are in Monitor Mode. Also be aware that the PIX Appliance cannot initialize a Gigabit Ethernet interface from Monitor Mode. You must use a Fast Ethernet interface instead.
Enter the IP address of the interface defined in step 3.
monitor>address
Enter the IP address of the TFTP server.
monitor>server
(Optional) Enter the IP address of your gateway. A gateway address is required if the interface of the PIX is not on the same network as the TFTP server.
monitor>gateway
Enter the name of the file on the TFTP server that you wish to load. This is the PIX binary image file name.
monitor>file
Ping from the PIX to the TFTP server in order to verify IP connectivity.
If the pings fail, double check the cables, IP address of the PIX interface and the TFTP server, and the IP address of the gateway (if needed). The pings must succeed before you continue.
monitor>ping
Type tftp in order to start the TFTP download.
monitor>tftp
The PIX downloads the image into RAM and automatically boots it.
During the boot process, the file system is converted along with your current configuration. However, you are not done yet. Note this Warning message after you boot and continue on to step 11:
******************************************************************
** **
** *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING *** **
** **
** ----> Current image running from RAM only! <---- **
** **
** When the PIX was upgraded in Monitor mode the boot image was not **
** written to Flash. Please issue "copy tftp: flash:" to load and **
** save a bootable image to Flash. Failure to do so will result in **
** a boot loop the next time the PIX is reloaded. **
** **
************************************************************************
Once booted, enter enable mode and copy the same image over to the PIX again. This time use the copy tftp flash command.
This saves the image into the Flash file system. Failure to perform this step results in a boot loop the next time the PIX reloads.
pixfirewall>enable
pixfirewall#copy tftp flash
Note: For detailed instructions on how to copy the image over with the use of the copy tftp flash command, see the Upgrade the PIX Security Appliance with the copy tftp flash Command section.
Once the image is copied over using the copy tftp flash command, the upgrade process is complete.
HTH>
Andrew.
04-01-2010 03:02 PM
I believe I followed that step. Here is that section from the log:
************************************************************************
** **
** *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING *** **
** **
** ----> Current image running from RAM only! <---- **
** **
** When the PIX was upgraded in Monitor mode the boot image was not **
** written to Flash. Please issue "copy tftp: flash:" to load and **
** save a bootable image to Flash. Failure to do so will result in **
** a boot loop the next time the PIX is reloaded. **
** **
************************************************************************
Type help or '?' for a list of available commands.
pix1195> en
Password: ***********
pix1195# copy tftp: flash:
Address or name of remote host []? 192.168.7.3
Source filename []? pix701.bin
Destination filename [pix701.bin]?
Accessing tftp://192.168.7.3/pix701.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Clip-
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file flash:/pix701.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!-clip-
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
5124096 bytes copied in 97.380 secs (52825 bytes/sec)
pix1195# wr mem
Building configuration...
Cryptochecksum: 4487ddd8 bfd3bb13 3f6239c3 3dba8148
1576 bytes copied in 2.60 secs (788 bytes/sec)
[OK]
pix1195# sho ver
Cisco PIX Security Appliance Software Version 7.0(1)
Compiled on Thu 31-Mar-05 14:37 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"
pix1195 up 3 mins 18 secs
Hardware: PIX-515, 128 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: Ext: Ethernet0 : media index 0: irq 10
1: Ext: Ethernet1 : media index 1: irq 7
Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs : 25
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has an Unrestricted (UR) license.
Serial Number: XXXXXXXXX
Running Activation Key: XXXXXXXXXX XXXXXXXXXX XXXXXXXXXX XXXXXXXXXX
Configuration has not been modified since last system restart.
pix1195# sho fl
pix1195# sho flash:
Directory of flash:/
6 -rw- 1978424 15:30:19 Apr 01 2010 image_old.bin
9 -rw- 5124096 15:32:47 Apr 01 2010 pix701.bin
12 -rw- 1801 15:29:51 Apr 01 2010 downgrade.cfg
15998976 bytes total (8886784 bytes free)
pix1195# reload
Proceed with reload? [confirm]
pix1195#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down File system
***
*** --- SHUTDOWN NOW ---
Rebooting....
Cisco Secure PIX Firewall BIOS (4.0) #0: Thu Mar 2 22:59:20 PST 2000
Platform PIX-515
Flash=i28F640J5 @ 0x300
Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Reading 115200 bytes of image from flash.
PIX Flash Load Helper
Initializing flashfs...
flashfs[0]: 9 files, 3 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 7112192
flashfs[0]: Bytes available: 8886784
flashfs[0]: Initialization complete.
Booting first image in flash
No bootable image in flash. Please download an image from a network server
in the monitor mode
Failed to find an image to boot
04-01-2010 05:40 PM
More info:
I blew away the flash with erasedisk611.bin and then loaded pix 8.04 from monitor. Everything came up ok. Had to configure a few items (activation key, interfaces, password) and then did copy tftp flash of the pix804.bin file . wr mem and reload. Booted fine. Reload, boot ok. Reload, checksum error on the bin file, no boot. boot loop. I let the boot loop continue while I searched google a bit more. Looked back over at the console and the darn thing booted correctly. I'm leaning towards a flaky flash unless somebody has a better idea.
Cisco Secure PIX Firewall BIOS (4.0) #0: Thu Mar 2 22:59:20 PST 2000
Platform PIX-515
Flash=i28F640J5 @ 0x300
Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Reading 102912 bytes of image from flash.
PIX Flash Load Helper
Initializing flashfs...
flashfs[0]: 6 files, 3 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 7543808
flashfs[0]: Bytes available: 8455168
flashfs[0]: Initialization complete.
Reading image flash:/pix804.bin
sumval(0xfda6) chksum(0x0 )md5(0xaa1b05d9 0x8c60787a 0xc02e8be9 0xb103b05d)
md5(0xecccdeed 0x8330a01f 0x89b05d14 0x9cd51261)
Checksum error in file flash:/pix804.bin
Booting first image in flash
sumval(0xfda6) chksum(0x0 )md5(0xaa1b05d9 0x8c60787a 0xc02e8be9 0xb103b05d)
md5(0x7caf2524 0xa7219a5a 0xb4d636e5 0xe724c957)
Checksum error in file flash:/pix804.bin
No bootable image in flash. Please download an image from a network server
in the monitor mode
Failed to find an image to boot
Rebooting....
04-01-2010 05:53 PM
I would try and download the image one more time and do it all over again.
run fsck disk and format disk as well once you get the code on and then "copy tftp flash:" again.
-KS
04-02-2010 01:33 AM
Agreed, sounds ike the image is corrupt or incomplete.
D/L again and follow all setps.
04-03-2010 09:51 AM
Odd. I didn't tftp the image over again as it did eventually boot. I added the asdm image and configured the pix via asdm. I powered it off and racked it up and when I powered it on it reloaded without an issue. It has been up for a day and a half without any problems.
We'll see how it goes.
Thanks to everyone for your input.
gb
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide