cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
489
Views
0
Helpful
3
Replies

PIX 515E SW Upgrade on Standby unit

trevora
Level 1
Level 1

I have purchase 2 515E's in failover bundle. They are configured with v6.1 and I want to upgrade them to v6.2 so that I can run standby over the LAN instead of failover cable.

I have upgraded the software on the active PIX and I cannot upgrade the SW on the standby unit. Firstly it wont allow me to get into privilaged mode (not connected to a failver partner yet).

I tried upgrading via Monitor mode but that starts and then constantly timesout on the tftp server. The IP address on the pix is in the same subnet as the tftp server and I can ping the server from the pix but not the other way around.

Any ideas on how to do this?

3 Replies 3

gfullage
Cisco Employee
Cisco Employee

The instructions for this are all here:

http://www.cisco.com/warp/public/110/upgrade.shtml

Make sure you're following them to the letter. Take note of the "interface" command once in monitor mode, this is the interface (defaults to inside) that the PIX will try and contact the TFTP server.

I've followed those directions and still not working. I have tried using 2 different tftp servers. Here is the console info from the pix.

monitor> address

address 53.254.166.201

monitor> file

file pix622.bin

monitor> gateway

gateway 53.254.166.1

monitor> interface 1

0: i8255X @ PCI(bus:0 dev:14 irq:10)

1: i8255X @ PCI(bus:0 dev:13 irq:11)

2: i8255X @ PCI(bus:0 dev:19 irq:5 )

Using 1: i82557 @ PCI(bus:0 dev:13 irq:11), MAC: 000b.5fe2.4268

monitor> server

server 53.254.166.102

monitor> ping 53.254.166.102

Sending 5, 100-byte 0x7cee ICMP Echoes to 53.254.166.102, timeout is 4 seconds:

!!!!!

Success rate is 100 percent (5/5)

monitor> tftp

tftp pix622.bin@53.254.166.102 via 53.254.166.1.................................

................................................................................

................................................................................

................................................................................

................................................... (I eventually pressed Ctrl-Break here)

TFTP failed (return:-12 arg:0x0)

monitor>

TFTP Server error message:

3/18/2003 11:23 :Timeout error sending pix622.bin to 53.254.166.201, 0 bytes

3/18/2003 11:23 :Timeout error sending pix622.bin to 53.254.166.201, 0 bytes

3/18/2003 11:23 :Timeout error sending pix622.bin to 53.254.166.201, 0 bytes

3/18/2003 11:23 :Timeout error sending pix622.bin to 53.254.166.201, 0 bytes

3/18/2003 11:23 :Timeout error sending pix622.bin to 53.254.166.201, 0 bytes

It certainly seems like the two can't talk TFTP to each other, altohugh it looks like the packet from the PIX to the server is getting there, maybe not in the other direction though. Check your internal network in between the PIX and router and make sure there's no ACL's anywhere that'll be blocking TFTP traffic.

Just to check, this is on your inside network, right? The IP addresses you have seem ot be valid global ones, not private, so just want to be sure. If the TFTP server is on the outside interface, then you need to specify "interface 2" instead of "interface 1".

Review Cisco Networking for a $25 gift card