Solved

REMOTE UPGRADE OF PIX

Posted on 2004-03-30
8
364 Views
Last Modified: 2013-11-16
I have a couple of PIX upgrade questions.  I was planning to move our sites to the 6.3.3.124 image on all PIXes.  

1)  On my primary site, I have a failover pair.  Are there any tricks on upgrading process, or do I just upgrade the primary and then the secondary?

2)  I have a remote site with no server and only a perodic laptop.  Can I remotely upgrade the PIX over a WAN link?  How do I connect to TFTP Server?

Thanks for any help.

Steve
0
Comment
Question by:smeek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
8 Comments
 
LVL 23

Accepted Solution

by:
Tim Holman earned 500 total points
ID: 10714754
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10714760
0
 
LVL 5

Expert Comment

by:visioneer
ID: 10719655
Tim's link takes care of question 1.

Question 2 is no, I don't believe you can upgrade from the WAN link, and besides you probably shouldn't try it in case you lose your WAN connectivity during the upgrade! :-O
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 23

Expert Comment

by:Tim Holman
ID: 10724012
If you can get a console, telnet or ssh connection to the PIX, then I believe you can initiate the copy tftp flash command, so as long as your tftp server's up, and the image correct (double check it's md5 hash to ensure it's not corrupted), then away you go !!
0
 
LVL 8

Author Comment

by:smeek
ID: 10724073
I could SSH to it.  

How about open the PIX so that I can point the TFTP to a public IP with my TFTP server and copy the image across the Internet.

Ideas?

Steve
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10736595
Yes - that's exactly how I'd do it.  By default, you'll be able to access anything on the Internet from the PIX itself, but you may need to setup TFTP rules at the other end (ie if you have a firewall protecting your TFTP server).
0
 
LVL 8

Author Comment

by:smeek
ID: 10737162
I got it.  I allowed port 69 through to a static mapping I created for my laptop and it worked like a charm.  I just wish the previous IT person had the foresight to setup SSH statements for the branches to main site.  Is there a way to connect through the VPN to change the remote PIXs SSH.

Steve  
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10741824
If you have telnet access, then yes, you can generate SSH keys on the PIX and away you go...

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e71.shtml#sshinout
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

689 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question