Upgrading the PIX 535 to PIX OS 7.01
PIX OS 7.01 really is good stuff!
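1. First check whether the device is suitable:
Check the current version and whether memory and so on meet the upgrade requirements; a 535-UR needs 1 GB of memory before it can be upgraded.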
pixfirewall# sh ver
Cisco PIX Firewall Version 6.3(4)
Cisco PIX Device Manager Version 3.0(1)
Compiled on Fri 02-Jul-04 00:07 by morlee
pixfirewall up 8 days 0 hours
Hardware: PIX-535, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash DA28F320J5 @ 0xfffd8000, 128KB
Encryption hardware device: VAC+ (Crypto5823 revision 0x1)
0: gb-ethernet0: address is 000e.0c6b.96d0, irq 255
1: gb-ethernet1: address is 000e.0c6b.96cf, irq 255
2: ethernet0: address is 000e.0c5f.a3f0, irq 255
3: ethernet1: address is 000e.0c5f.a349, irq 255
Licensed Features:
Failover:                    Enabled
VPN-DES:                     Enabled
VPN-3DES-AES:                Enabled
Maximum Physical Interfaces: 10
Maximum Interfaces:          24
Cut-through Proxy:           Enabled
Guards:                      Enabled
URL-filtering:               Enabled
Inside Hosts:                Unlimited
Throughput:                  Unlimited
IKE peers:                   Unlimited
This PIX has an Unrestricted (UR) license.
Serial Number: XXXXXXXXX
Running Activation Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Configuration last modified by enable_15 at 00:55:28.017 UTC Tue Jun 7 2005
2. Check whether the flash can be accessed:
pixfirewall# sh flash
flash file system: version:3 magic:0x12345679
file 0: origin:       0 length:1966136
file 1: origin: 2097152 length:1975
file 2: origin:       0 length:0
file 3: origin: 2228224 length:3126944
file 4: origin:       0 length:0
file 5: origin: 8257536 length:308
3. Check the original configuration and save it
pixfirewall# sh ru
4. Check the interfaces on the PIX and view their operating status:
pixfirewall# sh int
interface gb-ethernet0 "outside" is up, line protocol is up
…………
interface gb-ethernet1 "inside" is up, line protocol is up
…………
interface ethernet0 "inf3" is administratively down, line protocol is up
…………
interface ethernet1 "inf4" is administratively down, line protocol is down
…………
5. Here I first configured an FE port to test connectivity with the terminal, to make sure TFTP can be used a little later.
pixfirewall(config)# ip address inf3 10.32.2.79 255.255.255.0
pixfirewall(config)# exit
pixfirewall#
pixfirewall# ping 10.32.2.78
10.32.2.78 response received -- 0ms
10.32.2.78 response received -- 0ms
10.32.2.78 response received -- 0ms
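6. OK, reboot the PIX and get ready to upgrade.
This is the boot screen; there is quite a lot of text.
Press Esc to interrupt the flash boot and enter monitor mode.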
Wait.....
PCI Device Table.
Bus Dev Func VendID DevID Class              Irq
 00  00  00   1166   0008  Host Bridge
 00  00  01   1166   0008  Host Bridge
 00  00  02   1166   0006  Host Bridge
 00  00  03   1166   0006  Host Bridge
 00  01  00   8086   1229  Ethernet           255
 00  02  00   8086   1229  Ethernet           255
 00  0F  00   1166   0200  ISA Bridge
 00  0F  01   1166   0211  IDE Controller
 00  0F  02   1166   0220  Serial Bus         71
 01  0B  00   14E4   5823  Co-Processor       255
 02  06  00   8086   1001  Ethernet           255
 02  07  00   8086   1001  Ethernet           255
Cisco Secure PIX Firewall  Embedded BIOS Version 4.3
Cisco PIX-535
+------------------------------------------------------------------------------+
| System BIOS Configuration, (C) 2000 General Software, Inc.                   |
+---------------------------------------+--------------------------------------+
| System CPU        : Pentium III       | Low Memory      : 637KB              |
| Coprocessor       : Enabled           | Extended Memory : 1023MB             |
| Embedded BIOS Date: 11/28/00          | Serial Ports 1-2: 03F8 02F8          |
+---------------------------------------+--------------------------------------+
Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:34 PST 2001
Platform PIX-535
Flash=i28F640J5 @ 0x300
Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Flash boot interrupted.
0: i8255X @ PCI(bus:0 dev:2  irq:255)
1: i8255X @ PCI(bus:0 dev:1  irq:255)
Ethernet auto negotiation timed out.
Ethernet port 1 could not be initialized.
Use ? for help.
monitor>
Invalid or incorrect command.  Use 'help' for help.
7. View the interfaces available in monitor mode; they are sure to be those two FE ports.
monitor> interface
0: i8255X @ PCI(bus:0 dev:2  irq:255)
1: i8255X @ PCI(bus:0 dev:1  irq:255)
8. Here I choose the first FE port, the one that was tested a moment ago.
monitor> interface 0
0: i8255X @ PCI(bus:0 dev:2  irq:255)
1: i8255X @ PCI(bus:0 dev:1  irq:255)
Using 0: i82559 @ PCI(bus:0 dev:2  irq:255), MAC: 000e.0c5f.a3f0
9. Configure the interface address, the TFTP server address and so on, then start downloading the new PIX OS over TFTP.
monitor> address 10.32.2.79
address 10.32.2.79
monitor> server 10.32.2.78
server 10.32.2.78
monitor> ping 10.32.2.78
Sending 5, 100-byte 0x7970 ICMP Echoes to 10.32.2.78, timeout is 4 seconds:
!!!!!
Success rate is 100 percent (5/5)
monitor> file pix701.bin
file pix701.bin
monitor> tftp
tftp pix701.bin@10.32.2.78...........................
…………
Received 5124096 bytes
Cisco PIX Security Appliance admin loader (3.0) #0: Thu Mar 31 14:03:05 PST 2005
####################################################
……
1024MB RAM
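Added example, not part of the original write-up: TFTP is unauthenticated and the monitor-mode transfer above shows no integrity check on pix701.bin, so the code below verifies the image on the TFTP server against the digest the vendor publishes for it before it is served, and afterwards compares the file size with the monitor's "Received N bytes" line. The function names and the constructed sample image are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

# Hex length of the published digest -> algorithm. Use the strongest one the vendor publishes.
ALGOS = {32: "md5", 64: "sha256", 128: "sha512"}

def file_digest(path, algo):
    """Hash the file in chunks so a large image is never read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def received_bytes(console_log):
    """Byte count from the monitor's 'Received N bytes' line, or None if absent."""
    m = re.search(r"Received\s*(\d+)\s*bytes", console_log)
    return int(m.group(1)) if m else None

def check_image(path, published_digest, console_log=None):
    """Return a list of problems; an empty list means digest (and size) match."""
    published = published_digest.strip().lower()
    algo = ALGOS.get(len(published))
    if algo is None:
        return ["published digest has an unrecognised length"]
    problems = []
    actual = file_digest(path, algo)
    if not hmac.compare_digest(actual, published):
        problems.append(f"{algo} mismatch: file on server hashes to {actual}")
    if console_log is not None:
        got, size = received_bytes(console_log), os.path.getsize(path)
        if got is None:
            problems.append("no 'Received N bytes' line in the console log")
        elif got != size:
            problems.append(f"PIX received {got} bytes but the file is {size} bytes")
    return problems

if __name__ == "__main__":
    import tempfile
    # Constructed stand-in for pix701.bin; the real digest comes from the vendor download page.
    sample = b"constructed sample image" * 64
    with tempfile.NamedTemporaryFile(delete=False, suffix=".bin") as tmp:
        tmp.write(sample)
    good = hashlib.sha256(sample).hexdigest()
    print(check_image(tmp.name, good, "Received 1536 bytes"))
    print(check_image(tmp.name, "0" * 64, "Received 5124096 bytes"))
    os.unlink(tmp.name)
```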
10. Once the download finishes, the PIX boots directly from the new PIX OS.
Total NICs found: 4
mcwa i82559 Ethernet at irq 255  MAC: 000e.0c5f.a349
mcwa i82559 Ethernet at irq 255  MAC: 000e.0c5f.a3f0
BIOS Flash=DA28F320J5 @ 0xD8000
i82543 rev02 Gigabit Ethernet @ irq255 dev 6 index 01 MAC: 000e.0c6b.96cf
i82543 rev02 Gigabit Ethernet @ irq255 dev 7 index 00 MAC: 000e.0c6b.96d0
Old file system detected. Attempting to save data in flash
11. Here the flash is checked and reorganized, and the original PIX OS image is saved as image_old.bin.
Initializing flashfs...
flashfs[7]: Checking block 0...block number was (-10627)
…………
flashfs[7]: erasing block 0...done.
flashfs[7]: Checking block 125...block number was (-1)
flashfs[7]: erasing block 125...done.
flashfs[7]: 0 files, 1 directories
flashfs[7]: 0 orphaned files, 0 orphaned directories
flashfs[7]: Total bytes: 16128000
flashfs[7]: Bytes used: 1024
flashfs[7]: Bytes available: 16126976
flashfs[7]: flashfs fsck took 161 seconds.
flashfs[7]: Initialization complete.
Saving the configuration
!
Saving a copy of old configuration as downgrade.cfg
!
Saved the activation key from the flash image
Saved the default firewall mode (single) to flash
The version of image file in flash is not bootable in the current version of
software.
Use the downgrade command first to boot older version of software.
The file is being saved as image_old.bin anyway.
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
……
Upgrade process complete
Need to burn loader....
Erasing sector 0...[OK]
Burning sector 0...[OK]
Licensed features for this platform:
Maximum Physical Interfaces : 14
Maximum VLANs               : 200
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Cut-through Proxy           : Enabled
Guards                      : Enabled
URL Filtering               : Enabled
Security Contexts           : 2
GTP/GPRS                    : Disabled
VPN Peers                   : Unlimited
This platform has an Unrestricted (UR) license.
12. Booting continues:
Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
  --------------------------------------------------------------------------
                                 .            .
                                 |            |
                                |||          |||
                              .|| ||.      .|| ||.
                           .:||| | |||:..:||| | |||:.
                            C i s c o  S y s t e m s
  --------------------------------------------------------------------------
Cisco PIX Security Appliance Software Version 7.0(1)
  ****************************** Warning *******************************
  This product contains cryptographic features and is
  subject to United States and local country laws
  governing, import, export, transfer, and use.
  Delivery of Cisco cryptographic products does not
  imply third-party authority to import, export,
  distribute, or use encryption. Importers, exporters,
  distributors and users are responsible for compliance
  with U.S. and local country laws. By using this
  product you agree to comply with applicable laws and
  regulations. If you are unable to comply with U.S.
  and local laws, return the enclosed items immediately.
  A summary of U.S. laws governing Cisco cryptographic
  products may be found at:
  If you require further assistance please contact us by
  sending email to export@.
  ******************************* Warning *******************************
Copyright (c) 1996-2005 by Cisco Systems, Inc.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
ERROR: This command is no longer needed. The LOCAL user database is always enabled.
*** Output from config line 59, "aaa-server LOCAL protoco..."
ERROR: This command is no longer needed. The 'floodguard' feature is always enabled.
*** Output from config line 64, "floodguard enable"
13. Some of the configuration is converted
Cryptochecksum (unchanged):