Ask a Question Sign up for Free 107 Experts currently online. Ask Questions for Free!

upgrade pix 520 to newest IOS (6.3?) - Cisco Routers & Bridges

This is what I have: fox-pixfirewall# show hardware Cisco PIX Firewall Version 6.1(1) Cisco PIX Device Manager Version 1.0(2) Compiled on Tue 11-Sep-01 07:45 by morlee fox-pixfirewall up 1 day 23 hours Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 350 MHz Flash i28F640J5 @ 0x300, 16MB BIOS Flash AT29C257 ...

Results 1 to 9 of 9

  1. #1

    upgrade pix 520 to newest IOS (6.3?)

    This is what I have:

    fox-pixfirewall# show hardware
    Cisco PIX Firewall Version 6.1(1)
    Cisco PIX Device Manager Version 1.0(2)

    Compiled on Tue 11-Sep-01 07:45 by morlee

    fox-pixfirewall up 1 day 23 hours

    Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 350 MHz
    Flash i28F640J5 @ 0x300, 16MB
    BIOS Flash AT29C257 @ 0xfffd8000, 32KB

    0: ethernet0: address is 0090.2743.2ee8, irq 11
    1: ethernet1: address is 0002.b30c.2ea5, irq 15
    2: ethernet2: address is 0090.2713.fb3d, irq 10

    Licensed Features:
    Failover: Enabled
    VPN-DES: Enabled
    VPN-3DES: Disabled
    Maximum Interfaces: 6
    Cut-through Proxy: Enabled
    Guards: Enabled
    Websense: Enabled
    Inside Hosts: Unlimited
    Throughput: Unlimited
    ISAKMP peers: Unlimited
    Scott
  2. #2

    Re: upgrade pix 520 to newest IOS (6.3?)

    In article <google.com>,
    Scott Emick <com> wrote:
    :This is what I have:

    :Cisco PIX Firewall Version 6.1(1)
    :Cisco PIX Device Manager Version 1.0(2)

    :Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 350 MHz
    :Flash i28F640J5 @ 0x300, 16MB


    You accidently omitted the question ;-)

    If the question is whether 6.3(3) is supported on that hardware,
    the answer is Yes, the PIX-520 and PIX-520-XM (which is what you
    probably have) with 128 Mb RAM and 16 Mb flash is supported by 6.3(3).


    You should, though, not expect to be able to upgrade to PIX 7.0 when
    it is released from beta -- my "reading between the lines" is that
    the 510 and 520 will not be supported, and it that is plausible that
    the 506 and 515 might not be either (but that the 506E and 515E would
    likely be supported.)
    --
    vi -- think of it as practice for the ROGUE Olympics!
    Walter
  3. #3

    Re: upgrade pix 520 to newest IOS (6.3?)

    Yes my question was can I upgrade to 6.3 and are there any additional
    requirements. We want the 3DES.

    Thanks,

    Scott

    nrc-cnrc.gc.ca (Walter Roberson) wrote in message news:<c7gdvl$omd$cc.umanitoba.ca>... 
    Scott
  4. #4

    Re: upgrade pix 520 to newest IOS (6.3?)

    In article <google.com>,
    Scott Emick <com> wrote:
    :Yes my question was can I upgrade to 6.3 and are there any additional
    :requirements. We want the 3DES.

    Your PIX-520-XM with the hardware you showed should not require anything
    addition to upgrade to PIX 6.3.

    The base PIX software supports 3DES, but you need the proper activation
    key for it. After you do the PIX 6.3 upgrade, you would fill out
    an online form on cisco.com (needs CCO registration, but does
    not need a support contract) and provided you fit the legal parameters,
    Cisco will send you a new activation key that you would then enter in.
    (There's a command in 6.2+ to allow you to enter a new activation
    key without reloading the software.)

    [Note: if you had a special feature on one of the PIXes, such as
    the 50-user license on a 501, or Unrestricted or Failover, then sometimes
    the key that gets generated will be missing the special feature, and
    you need to write to Cisco to get it straightened out. They are usually
    fairly prompt about it.]

    --
    Pity the poor electron, floating around minding its own business for
    billions of years; and then suddenly Bam!! -- annihilated just so
    you could read this posting.
    Walter
  5. #5

    Re: upgrade pix 520 to newest IOS (6.3?)

    We do have unrestricted. So how hard would it be for me to upgrade
    the IOS on the box with a contigency for rollback, since this is our
    production box for e-commerce website etc. ???

    Thanks,

    Scott Emick

    nrc-cnrc.gc.ca (Walter Roberson) wrote in message news:<c7o6n4$1kg$cc.umanitoba.ca>... 
    Scott
  6. #6

    Re: upgrade pix 520 to newest IOS (6.3?)

    In article <google.com>,
    Scott Emick <com> top-posted:
    :nrc-cnrc.gc.ca (Walter Roberson) wrote in message news:<c7o6n4$1kg$cc.umanitoba.ca>...
    :> [Note: if you had a special feature on one of the PIXes, such as
    :> the 50-user license on a 501, or Unrestricted or Failover, then sometimes
    :> the key that gets generated will be missing the special feature, and
    :> you need to write to Cisco to get it straightened out. They are usually
    :> fairly prompt about it.]


    :We do have unrestricted. So how hard would it be for me to upgrade
    :the IOS on the box with a contigency for rollback, since this is our
    roduction box for e-commerce website etc. ???

    The PIX 520 used to be licensed by connection counts, but is now
    feature-based. What I gathered, perhaps incorrectly, is that effectively
    all PIX 520's running "new enough" software are equivilent to
    Unrestricted, and thus there shouldn't be any potential problem
    about a lower key being issued. com (phone #1-800-553-2447
    in Canada/USA) should be able to answer more authoratatively
    about that.

    Rolling back the PIX version should be about the same as installing
    the PIX version in the first place -- but keep a copy of the old
    config saved, as some of the configuration upgrades that are automatically
    done upon the upgrade are not going to be recognized after the downgrade.
    That could lead to some subtle problems; a few statements could effectively
    get lost in an upgrade / downgrade cycle.

    Upgrading or downgrading a PIX is not difficult in itself, but if
    you are in the habit of using a tftp "master copy" of the
    configuration instead of treating the PIX live configuration as the
    "master copy", then after an upgrade you would want to tftp off
    the pix running configuration and compare it to the saved configuration,
    as some statements move around and some get extra parameters added
    and so on. If your config is big, the comparison can take a while.
    But it isn't usually hard, just tedious.

    I should note, though, that none of my pixes would be considered
    "production boxes" in the same sense as yours. If our PIX goes down
    for a little, or has to be rebooted, or if I mess up the configuration a bit,
    then it's not a big deal to us. If I were running a production
    environment, I would keep a lab-bench duplicate device and run the
    upgrade on it first (and possibly do a device swap at that point,
    so as to keep downtime to a minimum.)
    --
    I wrote a hack in microcode,
    with a goto on each line,
    it runs as fast as Superman,
    but not quite every time! -- Don Libes et al.
    Walter
  7. #7

    Re: upgrade pix 520 to newest IOS (6.3?)

    That sux about the 520 possibly not getting 7.0. I know of more
    places running that one than any other model... And there's *nothing*
    wrong with it technology-wise. After all they're all x86s'! Oh well.
    :/

    On 7 May 2004 16:37:09 GMT, nrc-cnrc.gc.ca (Walter
    Roberson) wrote:
     

    Joey
  8. #8

    Re: upgrade pix 520 to newest IOS (6.3?)


    "Joey" <com> wrote in message
    news:com... 

    But then how will cisco sell new hardware?, the 520 is old and has been
    EOL'ed


    John
  9. #9

    Re: upgrade pix 520 to newest IOS (6.3?)

     

    Last I heard the 515 and 506 (non e models) will be supported but the 520
    will never move beyond 6.3.x


    John

Similar Threads

  1. Flooded With Email (Windows Newest Network Update)
    By Richard in forum Mac Entourage
    Replies: 6
    Last Post: 09-27, 12:51 PM
  2. Newest version or not?
    By mark in forum Quicken
    Replies: 6
    Last Post: 08-09, 09:53 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100