Solved

REMOTE UPGRADE OF PIX

Posted on 2004-03-30
8
362 Views
Last Modified: 2013-11-16
I have a couple of PIX upgrade questions.  I was planning to move our sites to the 6.3.3.124 image on all PIXes.  

1)  On my primary site, I have a failover pair.  Are there any tricks on upgrading process, or do I just upgrade the primary and then the secondary?

2)  I have a remote site with no server and only a perodic laptop.  Can I remotely upgrade the PIX over a WAN link?  How do I connect to TFTP Server?

Thanks for any help.

Steve
0
Comment
Question by:smeek
  • 5
  • 2
8 Comments
 
LVL 23

Accepted Solution

by:
Tim Holman earned 500 total points
ID: 10714754
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10714760
0
 
LVL 5

Expert Comment

by:visioneer
ID: 10719655
Tim's link takes care of question 1.

Question 2 is no, I don't believe you can upgrade from the WAN link, and besides you probably shouldn't try it in case you lose your WAN connectivity during the upgrade! :-O
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 23

Expert Comment

by:Tim Holman
ID: 10724012
If you can get a console, telnet or ssh connection to the PIX, then I believe you can initiate the copy tftp flash command, so as long as your tftp server's up, and the image correct (double check it's md5 hash to ensure it's not corrupted), then away you go !!
0
 
LVL 8

Author Comment

by:smeek
ID: 10724073
I could SSH to it.  

How about open the PIX so that I can point the TFTP to a public IP with my TFTP server and copy the image across the Internet.

Ideas?

Steve
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10736595
Yes - that's exactly how I'd do it.  By default, you'll be able to access anything on the Internet from the PIX itself, but you may need to setup TFTP rules at the other end (ie if you have a firewall protecting your TFTP server).
0
 
LVL 8

Author Comment

by:smeek
ID: 10737162
I got it.  I allowed port 69 through to a static mapping I created for my laptop and it worked like a charm.  I just wish the previous IT person had the foresight to setup SSH statements for the branches to main site.  Is there a way to connect through the VPN to change the remote PIXs SSH.

Steve  
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10741824
If you have telnet access, then yes, you can generate SSH keys on the PIX and away you go...

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e71.shtml#sshinout
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question