Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
514
Views
10
Helpful
6
Replies

upgrading code on pix

ahensel
Level 1
Level 1

‎08-31-2005 06:53 PM - edited ‎02-21-2020 12:21 AM

any help is greatly appreciated. i have 2 pix 535 firewalls. neither have been configured yet. one has a UR license the other a FO license. both came with the 6.3(4) code. i would like to upgrade them to the 7.0 code. can i upgrade each seperately or do i first need to connect them in the stateful failover configuration and upgrade them then.

0 Helpful
6 Replies 6

travis-dennis_2
Level 7
Level 7

‎08-31-2005 07:49 PM

You don't have to configure them before you upgrade the IOS. In fact I would recommend that you DO the upgrade before you put these boxes into production. This will help minimize downtime later on. Upgraading the code will not change the license at all. Just be sure to upgrade to the EXACT smae verion of code on each PIX to avoid any strange behvior.

Hope this helps.

Please remember to rate all replies

ahensel
Level 1
Level 1
In response to travis-dennis_2

‎09-01-2005 02:42 AM

That is what I thought. However I cannot seem to get the FO pix to finish the code upgrade. According to documentation, upgrading via monitor mode is required as going to 7.0 first reformats flash while only loading 7.0 code to RAM. At this point you are told to slap an IP address a FastE interface and perform a copy tftp: flash: to allow the new image to be written to flash. However, after configuring the IP address I am unable copy over the image from tftp to flash because I have no layer 3 connectivity. I've quadruple checked the ip/mask between the tftp server and the 535, same network. The error message I get is "No Route to Host" when trying first initiate a ping. I shouldn't need a route statement since it is a directly connected network. Even if I apply a route statement still same error message. All this was begining to make me think that it had something to do with the FO license. Any ideas? Thanks again for your replies.

0 Helpful

rsmith
Level 3
Level 3
In response to ahensel

‎09-02-2005 01:00 PM

Not sure if this will help.... I had a similar issue, but with an older 515. Solution was to attach the TFTP server directly to the PIX interface (I used a laptop with the free SolarWinds TFTP server). Any switch ports between the PIX and TFTP, and the image would not load. Set the Gateway and Server IP address both to the same server IP address.

0 Helpful

thisisshanky
Level 11
Level 11
In response to ahensel

‎09-09-2005 11:22 AM

rsmith,

I am having same problem with a 525 PIX which is licensed for only FO. This box is not yet configured in FO, but the other box (UR licensed) I did upgrade to 7.0 without any issues. The 525 with FO only license, doesnt respond to ping from a laptop cross connected to Ethernet 1(inside) interface. TFTP sessions time out and doesnt happen. Is it that FO boxes doesnt pass traffic due to which this is happening.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
0 Helpful

thomas-schmitz
Level 1
Level 1
In response to thisisshanky

‎10-31-2005 05:48 AM

Try to type in the command:

failover active

Then the stanby device should be able to access the network.

Krystian9
Level 1
Level 1
In response to thomas-schmitz

‎11-04-2005 07:08 AM

that solved my problem :-)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card