Upgrading a PIX 506's OS version from 5.2 to 6.0

Confidential information has been blanked out with "xxx" or "yyy"
The commands that I entered are in BOLD and comments are in parenthesis

From the console port using a serial cable (the Cisco blue flat cable), enter:

pixfirewall# reload
Proceed with reload? [confirm]        (hit "return")

Rebooting....
Cisco Secure PIX Firewall BIOS (4.0) #0: Fri Mar 31 11:32:03 PST 2000
Platform PIX-506
Flash=i28F640J5 @ 0x300

Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.

Enter a BREAK signal within 10 seconds of reboot (on a Solaris box using tip this is ~#)

Flash boot interrupted.
0: i8255X @ PCI(bus:0 dev:13 irq:11)
1: i8255X @ PCI(bus:0 dev:14 irq:10)

Using 1: i82559 @ PCI(bus:0 dev:14 irq:10), MAC: 0007.50b7.1230
Use ? for help.
monitor> help
?                 this help message
address   [addr]  set IP address
file      [name]  set boot file name
gateway   [addr]  set IP gateway
help              this help message
interface [num]   select TFTP interface
ping      <addr>  send ICMP echo
reload            halt and reload system
server    [addr]  set server IP address
tftp              TFTP download
timeout           TFTP timeout
trace             toggle packet tracing
monitor> addr x.x.x.x   (assign the PIX's IP address)
address x.x.x.x
monitor> server y.y.y.y (assign the TFTP server's address)
server y.y.y.y
monitor> interface 1 (assign the ethernet interface to use)
0: i8255X @ PCI(bus:0 dev:13 irq:11)
1: i8255X @ PCI(bus:0 dev:14 irq:10)

Using 1: i82559 @ PCI(bus:0 dev:14 irq:10), MAC: 0007.50b7.1230
monitor> file pix601.bin
file pix601.bin
monitor> tftp
tftp pix601.bin@y.y.y.y....................................................................................................
...........................................................................................................................................
...........................................................................................................................................
--> Note: this goes on for  70 or 80 lines <--
...........................................................................................................................................
...........................................................................................................................................
...........................................................................................................................................
Received 2543616 bytes

Cisco Secure PIX Firewall admin loader (3.0) #0: Thu May 17 19:55:23 PDT 2001
Flash=i28F640J5 @ 0x300
BIOS Flash=AT29C257 @ 0xd8000
Flash version 5.2.6, Install version 6.0.1  Note: upgrading from 5.2(6) to 6.0(1)

Installing to flash

Serial Number: xxxxxxxxx (0xXXXXXXXXXX)
Activation Key: xxxxxxxx xxxxxxxxxx xxxxxxxxxxx xxxxxxxxxxx

Do you want to enter a new activation key? [n]   (hit "return" unless you are upgrading the feature key)

Writing 2449464 bytes image into flash...
32MB RAM
Flash=i28F640J5 @ 0x300
BIOS Flash=AT29C257 @ 0xfffd8000
mcwa i82559 Ethernet at irq 11  MAC: 0007.xxxx.xxxx
mcwa i82559 Ethernet at irq 10  MAC: 0007.xxxx.xxxxx

  -----------------------------------------------------------------------
                               ||        ||
                               ||        ||
                              ||||      ||||
                          ..:||||||:..:||||||:..
                         c i s c o S y s t e m s
                        Private Internet eXchange
  -----------------------------------------------------------------------
                        Cisco Secure PIX Firewall

Cisco Secure PIX Firewall Version 6.0(1)

Licensed Features:
Failover:       Disabled
VPN-DES:        Enabled
VPN-3DES:       Disabled
Maximum Interfaces:     2
Cut-through Proxy:      Enabled
Guards:         Enabled
Websense:       Enabled
Throughput:     Limited
ISAKMP peers:   Unlimited
 

  ****************************** Warning *******************************
  Compliance with U.S. Export Laws and Regulations - Encryption.

  This product performs encryption and is regulated for export
  by the U.S. Government.

  This product is not authorized for use by persons located
  outside the United States and Canada that do not have prior
  approval from Cisco Systems, Inc. or the U.S. Government.

  This product may not be exported outside the U.S. and Canada
  either by physical or electronic means without PRIOR approval
  of Cisco Systems, Inc. or the U.S. Government.

  Persons outside the U.S. and Canada may not re-export, resell
  or transfer this product by either physical or electronic means
  without prior approval of Cisco Systems, Inc. or the U.S.
  Government.
  ******************************* Warning *******************************

Copyright (c) 1996-2000 by Cisco Systems, Inc.

                Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

                Cisco Systems, Inc.
                170 West Tasman Drive
                San Jose, California 95134-1706
 

Cryptochecksum(changed): xxxxxxxxxxxx xxxxxxxxxxxxxx xxxxxxxxxxxxx xxxxxxxx
Type help or '?' for a list of available commands.
pixfirewall>en
Password: ********************
pixfirewall# reload
Proceed with reload? [confirm]      (hit "return")
Rebooting....
Cisco Secure PIX Firewall BIOS (4.0) #0: Fri Mar 31 11:32:03 PST 2000
Platform PIX-506
Flash=i28F640J5 @ 0x300

Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Reading 2445824 bytes of image from flash.
32MB RAM
Flash=i28F640J5 @ 0x300
BIOS Flash=AT29C257 @ 0xfffd8000
mcwa i82559 Ethernet at irq 11  MAC: 0007.xxxx.xxxx
mcwa i82559 Ethernet at irq 10  MAC: 0007.xxxx.xxxx

  -----------------------------------------------------------------------
                               ||        ||
                               ||        ||
                              ||||      ||||
                          ..:||||||:..:||||||:..
                         c i s c o S y s t e m s
                        Private Internet eXchange
  -----------------------------------------------------------------------
                        Cisco Secure PIX Firewall

Cisco Secure PIX Firewall Version 6.0(1)

Licensed Features:
Failover:       Disabled
VPN-DES:        Enabled
VPN-3DES:       Disabled
Maximum Interfaces:     2
Cut-through Proxy:      Enabled
Guards:         Enabled
Websense:       Enabled
Throughput:     Limited
ISAKMP peers:   Unlimited
 

  ****************************** Warning *******************************
  Compliance with U.S. Export Laws and Regulations - Encryption.

  This product performs encryption and is regulated for export
  by the U.S. Government.

  This product is not authorized for use by persons located
  outside the United States and Canada that do not have prior
  approval from Cisco Systems, Inc. or the U.S. Government.

  This product may not be exported outside the U.S. and Canada
  either by physical or electronic means without PRIOR approval
  of Cisco Systems, Inc. or the U.S. Government.

  Persons outside the U.S. and Canada may not re-export, resell
  or transfer this product by either physical or electronic means
  without prior approval of Cisco Systems, Inc. or the U.S.
  Government.
  ******************************* Warning *******************************

Copyright (c) 1996-2000 by Cisco Systems, Inc.

                Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

                Cisco Systems, Inc.
                170 West Tasman Drive
                San Jose, California 95134-1706
 

Cryptochecksum(changed):xxxxxxxxxxxx xxxxxxxxxxx xxxxxxxxxxx xxxxxxxxxxx
Type help or '?' for a list of available commands.
pixfirewall> sh ver

Cisco Secure PIX Firewall Version 6.0(1)

Compiled on Thu 17-May-01 20:05 by morlee

pixfirewall up 1 min 2 secs

Hardware:   PIX-506, 32 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 8MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB

0: ethernet0: address is 0007.xxxx.xxx irq 11
1: ethernet1: address is 0007.xxx.xxxx irq 10

Licensed Features:
Failover:       Disabled
VPN-DES:        Enabled
VPN-3DES:       Disabled
Maximum Interfaces:     2
Cut-through Proxy:      Enabled
Guards:         Enabled
Websense:       Enabled
Throughput:     Limited
ISAKMP peers:   Unlimited

Serial Number: xxxxxxxxxxx (0xXXXXXXX)
Activation Key: xxxxxxxxxxx xxxxxxxxxxx xxxxxxxxxx xxxxxxxxx
pixfirewall> en
Password: ********************
pixfirewall# copy tftp://x.x.x.x/pdm-112.bin flash:pdm
copying tftp://x.x.x.x/pdm-112.bin to flash:pdm
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
--> this goes on for several lines  <--
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Received 3528136 bytes.
Erasing current PDM file.
Writing new PDM file.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
--> this goes on for several lines  <--
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

PDM file installed.
pixfirewall#



Note: The PDM (Product Device Manager) is really cool.   It is a Java based PIX manager with a full GUI.  It makes configuring the PIX almost as easy as configuring a Checkpoint Firewall-1.  However, it seems that it only runs under M$ Windoze, (it causes Netscape 4.7 on Solaris to have a bus error).  What the f--- is Cisco thinking?

Here is the first screen of the PDM:



Copyright © 1993-2001 by Robert Barnes

Return to Unixhub's home page