06-17-2010 06:05 AM - edited 03-11-2019 11:00 AM
Hi folks!
We have purchased a used Cisco PIX 515E firewall that I am trying to configure. It was originally password protected, but I have used the password reset utility supplied by Cisco to clear the password and have formatted the flash. I am now trying to load the boot image file from a TFTP server and copy the configuration from another functioning PIX 515E unit that we are basically wanting to duplicate.
I can successfully enter the monitor mode on the unit and download the image file (pix804.bin, in this case) to the unit. I have also successfully copied over the running configuration from the unit we want to duplicate. Immediately after I download the image file, the unit will reboot, will display a few errors with the transferred configuration that need to be corrected, and then will drop me at the console prompt. As long as I don't reboot, everything looks normal. But the moment I reload the unit, it tells me that it cannot find a bootable image file and refuses to boot.
Below I am including a complete log of one of these attempts, from the downloading of the image file in the monitor interface to the failed boot attempt.
Any suggestions would be most appreciated.
- Tom
monitor> address 192.168.1.47
address 192.168.1.47
monitor> server 192.168.1.4
server 192.168.1.4
monitor> file pix804.bin
file pix804.bin
monitor> tftp
tftp pix804.bin@192.168.1.4.....................................................
--- Many Lines of Progress Dots Deleted for Readability ---
................................
Received 7538688 bytes
Cisco Security Appliance admin loader (3.0) #0: Thu Aug 7 19:15:24 MDT 2008
################################################################################
################################################################################
###################################################################
64MB RAM
Total NICs found: 3
mcwa i82559 Ethernet at irq 10 MAC: 000e.833e.f25e
mcwa i82559 Ethernet at irq 11 MAC: 000e.833e.f25f
mcwa i82559 Ethernet at irq 11 MAC: 0002.b3d5.8988
BIOS Flash=am29f400b @ 0xd8000
Initializing flashfs...
flashfs[7]: 5 files, 3 directories
flashfs[7]: 0 orphaned files, 0 orphaned directories
flashfs[7]: Total bytes: 16128000
flashfs[7]: Bytes used: 49664
flashfs[7]: Bytes available: 16078336
flashfs[7]: flashfs fsck took 15 seconds.
flashfs[7]: Initialization complete.
Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs : 25
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Disabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has an Unrestricted (UR) license.
Cisco PIX Security Appliance Software Version 8.0(4)
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
Copyright (c) 1996-2008 by Cisco Systems, Inc.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
...........WARNING: Enabling the logging ftp-bufferwrap feature could cause a
depletion of all available memory under high syslog
rates. Please adjust your buffered logging level
appropriately
*** Output from config line 390, "logging ftp-bufferwrap"
Device Manager image set, but unable to find flash:/asdm-61557.bin
*** Output from config line 401, "asdm image flash:/asdm-6..."
..WARNING: Binding inside nat statement to outermost interface.
WARNING: Keyword "outside" is probably missing.
*** Output from config line 490, "nat (inside) 1 192.168.0..."
WARNING: Binding inside nat statement to outermost interface.
WARNING: Keyword "outside" is probably missing.
*** Output from config line 491, "nat (inside) 1 192.168.2..."
WARNING: Binding inside nat statement to outermost interface.
WARNING: Keyword "outside" is probably missing.
*** Output from config line 492, "nat (inside) 1 192.168.3..."
WARNING: Binding inside nat statement to outermost interface.
WARNING: Keyword "outside" is probably missing.
*** Output from config line 493, "nat (inside) 1 192.168.4..."
WARNING: Binding inside nat statement to outermost interface.
WARNING: Keyword "outside" is probably missing.
*** Output from config line 494, "nat (inside) 1 192.168.5..."
WARNING: Binding inside nat statement to outermost interface.
WARNING: Keyword "outside" is probably missing.
*** Output from config line 495, "nat (inside) 1 192.168.6..."
WARNING: Binding inside nat statement to outermost interface.
WARNING: Keyword "outside" is probably missing.
*** Output from config line 496, "nat (inside) 1 192.168.7..."
WARNING: Binding inside nat statement to outermost interface.
WARNING: Keyword "outside" is probably missing.
*** Output from config line 497, "nat (inside) 1 192.168.8..."
WARNING: Binding inside nat statement to outermost interface.
WARNING: Keyword "outside" is probably missing.
*** Output from config line 498, "nat (inside) 1 192.168.9..."
........WARNING: crypto map has incomplete entries
*** Output from config line 684, "crypto map outside_map i..."
WARNING: crypto map has incomplete entries
*** Output from config line 686, "crypto map inside_map in..."
.
Cryptochecksum (unchanged): [Checksum Deleted for Privacy]
Type help or '?' for a list of available commands.
EZ-Ads> enable
Password:
EZ-Ads# reload
Proceed with reload? [confirm]
EZ-Ads#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down File system
***
*** --- SHUTDOWN NOW ---
Rebooting....
CISCO SYSTEMS PIX FIREWALL
Embedded BIOS Version 4.3.207 01/02/02 16:12:22.73
Compiled by morlee
64 MB RAM
PCI Device Table.
Bus Dev Func VendID DevID Class Irq
00 00 00 8086 7192 Host Bridge
00 07 00 8086 7110 ISA Bridge
00 07 01 8086 7111 IDE Controller
00 07 02 8086 7112 Serial Bus 9
00 07 03 8086 7113 PCI Bridge
00 0D 00 8086 1209 Ethernet 11
00 0E 00 8086 1209 Ethernet 10
00 11 00 8086 1229 Ethernet 11
Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:35 PST 2001
Platform PIX-515E
System Flash=E28F128J3 @ 0xfff00000
Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Reading 115200 bytes of image from flash.
PIX Flash Load Helper
Initializing flashfs...
flashfs[0]: 5 files, 3 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 16128000
flashfs[0]: Bytes used: 49664
flashfs[0]: Bytes available: 16078336
flashfs[0]: Initialization complete.
Booting first image in flash
No bootable image in flash. Please download an image from a network server
in the monitor mode
Failed to find an image to boot
Rebooting....
06-17-2010 06:43 AM
Hi Tom,
If you erased the flash, then there are no (bootable) images on flash.
When you copy an image from monitor mode, it does a direct copy of the image from the TFTP server to the PIX's RAM (not Flash). Once in RAM, it boots the image. If you then reload at that point, you will be stuck as there is still no bootable image on flash.
What you need to do is:
1) copy an image over from monitor mode
2) allow it to boot up
3) configure the PIX for basic IP connectivity to the TFTP server
4) ** Copy the image over again - so it is saved in flash **
5) reload
That will fix the issue you are experiencing.
Sincerely,
David.
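The console log in the question already shows what this answer describes: 7538688 bytes were received over TFTP, yet flashfs reports only 49664 bytes used both before and after the reload. The following check is an added example, not part of the original posts; the function name `diagnose` is hypothetical, the sample lines are a constructed excerpt of the log above, and comparing flash usage with image size is only a necessary condition for the image being in flash.

```python
import re

# Constructed sample: the relevant lines excerpted from the console log in the question.
SAMPLE_LOG = """\
monitor> tftp
tftp pix804.bin@192.168.1.4.....
Received 7538688 bytes
flashfs[7]: Total bytes: 16128000
flashfs[7]: Bytes used: 49664
flashfs[7]: Bytes available: 16078336
Rebooting....
flashfs[0]: Bytes used: 49664
Booting first image in flash
No bootable image in flash. Please download an image from a network server
"""


def diagnose(log):
    """Compare the TFTP image size with flash usage in a PIX console capture.

    Hypothetical helper: an image stored in flash must occupy at least as many
    bytes as were received over TFTP, so lower usage means it only ran from RAM.
    """
    received = re.search(r"Received (\d+) bytes", log)
    used = [int(n) for n in
            re.findall(r"flashfs\[\d+\]: Bytes used:\s*(\d+)", log)]
    image_size = int(received.group(1)) if received else None
    flash_used = used[0] if used else None  # first report after the RAM boot
    if image_size is None or flash_used is None:
        can_be_in_flash = None  # capture lacks the lines needed to decide
    else:
        can_be_in_flash = flash_used >= image_size
    return {
        "image_size": image_size,
        "flash_used": flash_used,
        "image_can_be_in_flash": can_be_in_flash,
        "boot_failed": "No bootable image in flash" in log,
    }


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Running the same check on a capture taken before the reload shows whether step 4 has been done.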
06-17-2010 06:55 AM
That did the trick. Thank you!
01-16-2019 07:48 AM
What command did you use to copy the image from monitor mode?