Solved

Upgrading IOS on PIX 515E

Posted on 2006-07-20
18
989 Views
Last Modified: 2013-11-16
So it's at:

Cisco PIX Firewall Version 6.1(4)
Cisco PIX Device Manager Version 1.1(2)

Am I right that I can't upgrade, except to 6.2.X without upgrading to at least 64mb RAM?

And would I be correct to assume that I could buy memory for it and upgrade it myself, perhaps from ciscomemoryupgrades.com?

thanks
0
Comment
Question by:corphealth
  • 9
  • 3
  • 3
  • +1
18 Comments
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17149651
You can't go to 7.x without atleast 64MB ram, you can upgrade the memory yourself, its not hard

I'm still looking but I can't see why you shouldn't be able to go to 6.3(5) version.  Of course are you in restricted or unrestricted mode on the 515
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17149658
also how much ram do you have now
0
 

Author Comment

by:corphealth
ID: 17149789
Hardware:   PIX-515E, 32 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0x300, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17149798
ok found the memory requirements for 6.3, I'd upgrade to that until you can get the memory up to 64MB
http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_release_note09186a00804e6d6d.html#wp31990

also, be aware that the config will need changing when going to 7.x so keep that in mind too
0
 

Author Comment

by:corphealth
ID: 17149809
What kind of config, I read somewhere else in here where someone said that upgrade IOS on the pix from 6.3.X and it would keep the config.
Please elaborate. =)
-chipTM
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17150003
i wouldn't if I were you.  vpngroup was replaced with tunnel-group for one thing.  If you used conduits, their gone.  There is a lot that changed so I really wouldn't bank on the IOS upgrade to take care of everything for you.  In fact before you make that leap I'd make a config backup just in case its beyond repair and you have to start from scratch.  Don't get me wrong, you may get lucky depending upon the difficulty of your config and it upgrades fine, but I'd research it before you do an upgrade
0
 
LVL 9

Expert Comment

by:Pentrix2
ID: 17150566
I seem a PIX upgrade from 6.3 to 7 and they lost their internal exchange connectivity.  This is due from commands changing in the versions.

David
0
 
LVL 25

Accepted Solution

by:
Cyclops3590 earned 250 total points
ID: 17150602
yup, that's exactly why you should go to 6.3(5) for now to get it updated as much as possible without worrying about any config changes, then research the changes for 6.3 -> 7.x upgrades
0
 
LVL 20

Expert Comment

by:calvinetter
ID: 17151155
Before upgrading, I assume you have current SmartNet support on this PIX? Otherwise upgrading isn't an option.

  Agree with Cyclops3590 that you should do some research before considering going to 7.x.  If/when you go to 7.x, be absolutely sure you read *all* documentation carefully, as there's a danger of corrupting the install.
  Even from 6.1 to 6.3 there are some fairly significant changes, mostly improvements.  Suggest you research 6.3 before upgrading to it, if you're going the route of "incremental changes."  Even if just upgrading to 6.3 for now, I'd highly recommend converting any conduit statements to ACLs (since conduits are *not* supported in 7.x), & checking what commands are changed or not supported in 6.3.

  New & changed features in 6.3 series:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_release_note09186a0080579fbf.html#wp32151

  Important:  see the following for info on 7.x:
  General release notes (especially "System Requirements" & "Changes to Existing PIX 6.x Features"):
http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_release_note09186a008057a11d.html
  * Upgrade Guide*:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/pix_upgd/index.htm

cheers
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:corphealth
ID: 17153544
Yes, they are in ACL form already.  I have holding off on upgrading until I get the memory for it I ordered, and until after we switch to a new ISP tonight.  That being said, what is this smartnet??!?!
0
 
LVL 20

Expert Comment

by:calvinetter
ID: 17153614
 SmartNet is essentially a "Cisco extended support/warranty" contract, which permits you to download & install new PIX software from Cisco's website.  SmartNet should be purchased when you bought the PIX, & needs to be renewed yearly (or every 3 yrs possibly).  If you bought this new but never got SmartNet for it, you should be able to buy SmartNet for it after the fact; this might entail getting a 3rd-party to inspect the PIX to ensure it's in good working order, before Cisco will allow you to put a SmartNet contract on it.  Contact your distributor or a local Cisco reseller for details.
  Without SmartNet, Cisco will *not* allow you to download new PIX images from their website, due to licensing.

cheers
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17153743
calvinetter can probably correct me, but I swear I've heard that some of Cisco's products offer one time upgrade options for a fee so you don' t have to buy the smartnet if you don't want (but I do recommend it)
0
 
LVL 20

Expert Comment

by:calvinetter
ID: 17158811
Greetings Cyclops!   The only thing of this nature I've heard is when there's a *serious* security vulnerabiltiy or a nasty, fatal bug that Cisco felt compelled to provide bugfixed code, so they don't lose credibility & lose customers.  ;)  In this case, they don't provide a free upgrade to the next major release, just the next minor maintenance version higher.  Let's say for example if 6.1(1) had such a fatal flaw, & Cisco might allow a 1-time upgrade to 6.1(2).

cheers
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17159836
umm, i could have swore you could pay for one time upgrades as well.  probably just imagining it i guess.

at any rate corphealth, these smartnets for one year really aren't very expensive. Probably a few hundred or so
0
 
LVL 9

Expert Comment

by:Pentrix2
ID: 17163447
To my understanding they provide paid one time upgrades for routers, switches, but haven't heard for PIXes.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17164264
thx for the clarification Pentrix2
0
 
LVL 9

Expert Comment

by:Pentrix2
ID: 17164753
np Cyclops3590.

btw:  You are doing pretty good on this board.


David
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17166924
thx, I'm trying anyway.  Just got into Cisco firewalls a few of months ago and this board helped me out, so I thought I'd try to return the favor
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

When I upgraded my ASA 8.2 to 8.3, I realized that my nonat statement was failing!   The log showed the following error:     %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows It was caused by the config upgrade, because t…
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now