Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
260
Views
0
Helpful
2
Replies

problems with upgrade

frmoody
Level 1
Level 1

‎07-03-2006 01:47 PM - edited ‎03-09-2019 03:29 PM

hello all,

i'm having trouble with upgrading from version 6.3 to ver 7.21 on a failover 535. i have no trouble loading the image in monitor mode but once the pix os is loaded i cannot ping the tftp server, or even the interface on the pix itself. i tried following the upgrade guide step by the step but still no luck. Interestingly in the "show run", u can see that i have an address on the interface i intend to use but in the "sh int" it says "IP address unassigned"

PIX Version 7.2(1)

!

hostname pixfirewall

enable password xxx

names

!

interface GigabitEthernet0

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet1

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet1

nameif inside

security-level 100

ip address 10.1.40.1 255.255.255.0

!

passwd xxxx

ftp mode passive

pager lines 24

mtu inside 1500

no failover

no asdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect netbios

inspect rsh

inspect rtsp

inspect skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:xxx

: end

and the "show interface"

Interface Ethernet1 "inside", is up, line protocol is up

Hardware is i82559, BW 100 Mbps

Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)

MAC address 000e.0c83.9934, MTU 1500

IP address unassigned

168 packets input, 11967 bytes, 0 no buffer

Received 134 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

105 L2 decode drops

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software (0/5)

output queue (curr/max blocks): hardware (0/0) software (0/0)

Traffic Statistics for "inside":

65 packets input, 3269 bytes

0 packets output, 0 bytes

4 packets dropped

1 minute input rate 0 pkts/sec, 13 bytes/sec

1 minute output rate 0 pkts/sec, 0 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 0 pkts/sec, 10 bytes/sec

5 minute output rate 0 pkts/sec, 0 bytes/sec

5 minute drop rate, 0 pkts/sec

anybody has any idea about this?

thanks in advance.

Labels:
0 Helpful
2 Replies 2

grant.maynard
Level 4
Level 4

‎07-04-2006 01:28 PM

what's your IP?

check PIX has a route to you.

how does its ARP cache look?

0 Helpful

frank.schwarze
Level 1
Level 1

‎07-25-2006 12:59 AM

Hi frmoody,

I've the same problem with a pix515E Ver7.0. After a manual configuration everything was fine. Then I saved the config and did a reboot and now the IP-Address is not assigned to the interface. Have you already found a solution for this? Please let me know. I find it strange that it worked before...

fw5(config)# sh run int eth1

!

interface Ethernet1

nameif inside

security-level 100

ip address 149.3.253.254 255.255.0.0

fw5(config)# sh int eth1

Interface Ethernet1 "inside", is up, line protocol is up

Hardware is i82559, BW 100 Mbps

Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)

MAC address 0017.0e14.1103, MTU 1500

IP address unassigned

106624 packets input, 7284142 bytes, 0 no buffer

Received 106624 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 L2 decode drops

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software (0/37)

output queue (curr/max blocks): hardware (0/0) software (0/0)

Traffic Statistics for "inside":

106624 packets input, 5781238 bytes

0 packets output, 0 bytes

21633 packets dropped

fw5(config)# sh ip add

System IP Addresses:

Interface Name IP address Subnet mask Method

Ethernet0 outside 192.168.12.2 255.255.255.0 CONFIG

Ethernet1 inside 149.3.253.254 255.255.0.0 CONFIG

Current IP Addresses:

Interface Name IP address Subnet mask Method

fw5(config)#

thanks in advance.

0 Helpful
Customers Also Viewed These Support Documents