Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > upgrade pix 520 to newest IOS (6.3?)

Reply
Thread Tools

upgrade pix 520 to newest IOS (6.3?)

 
 
Scott Emick
Guest
Posts: n/a
 
      05-07-2004
This is what I have:

fox-pixfirewall# show hardware
Cisco PIX Firewall Version 6.1(1)
Cisco PIX Device Manager Version 1.0(2)

Compiled on Tue 11-Sep-01 07:45 by morlee

fox-pixfirewall up 1 day 23 hours

Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 350 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB

0: ethernet0: address is 0090.2743.2ee8, irq 11
1: ethernet1: address is 0002.b30c.2ea5, irq 15
2: ethernet2: address is 0090.2713.fb3d, irq 10

Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES: Disabled
Maximum Interfaces: 6
Cut-through Proxy: Enabled
Guards: Enabled
Websense: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
ISAKMP peers: Unlimited
 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      05-07-2004
In article <(E-Mail Removed) >,
Scott Emick <(E-Mail Removed)> wrote:
:This is what I have:

:Cisco PIX Firewall Version 6.1(1)
:Cisco PIX Device Manager Version 1.0(2)

:Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 350 MHz
:Flash i28F640J5 @ 0x300, 16MB


You accidently omitted the question

If the question is whether 6.3(3) is supported on that hardware,
the answer is Yes, the PIX-520 and PIX-520-XM (which is what you
probably have) with 128 Mb RAM and 16 Mb flash is supported by 6.3(3).


You should, though, not expect to be able to upgrade to PIX 7.0 when
it is released from beta -- my "reading between the lines" is that
the 510 and 520 will not be supported, and it that is plausible that
the 506 and 515 might not be either (but that the 506E and 515E would
likely be supported.)
--
vi -- think of it as practice for the ROGUE Olympics!
 
Reply With Quote
 
 
 
 
Scott Emick
Guest
Posts: n/a
 
      05-10-2004
Yes my question was can I upgrade to 6.3 and are there any additional
requirements. We want the 3DES.

Thanks,

Scott

http://www.velocityreviews.com/forums/(E-Mail Removed)-cnrc.gc.ca (Walter Roberson) wrote in message news:<c7gdvl$omd$(E-Mail Removed)>...
> In article <(E-Mail Removed) >,
> Scott Emick <(E-Mail Removed)> wrote:
> :This is what I have:
>
> :Cisco PIX Firewall Version 6.1(1)
> :Cisco PIX Device Manager Version 1.0(2)
>
> :Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 350 MHz
> :Flash i28F640J5 @ 0x300, 16MB
>
>
> You accidently omitted the question
>
> If the question is whether 6.3(3) is supported on that hardware,
> the answer is Yes, the PIX-520 and PIX-520-XM (which is what you
> probably have) with 128 Mb RAM and 16 Mb flash is supported by 6.3(3).
>
>
> You should, though, not expect to be able to upgrade to PIX 7.0 when
> it is released from beta -- my "reading between the lines" is that
> the 510 and 520 will not be supported, and it that is plausible that
> the 506 and 515 might not be either (but that the 506E and 515E would
> likely be supported.)

 
Reply With Quote
 
Walter Roberson
Guest
Posts: n/a
 
      05-10-2004
In article <(E-Mail Removed) >,
Scott Emick <(E-Mail Removed)> wrote:
:Yes my question was can I upgrade to 6.3 and are there any additional
:requirements. We want the 3DES.

Your PIX-520-XM with the hardware you showed should not require anything
addition to upgrade to PIX 6.3.

The base PIX software supports 3DES, but you need the proper activation
key for it. After you do the PIX 6.3 upgrade, you would fill out
an online form on cisco.com (needs CCO registration, but does
not need a support contract) and provided you fit the legal parameters,
Cisco will send you a new activation key that you would then enter in.
(There's a command in 6.2+ to allow you to enter a new activation
key without reloading the software.)

[Note: if you had a special feature on one of the PIXes, such as
the 50-user license on a 501, or Unrestricted or Failover, then sometimes
the key that gets generated will be missing the special feature, and
you need to write to Cisco to get it straightened out. They are usually
fairly prompt about it.]

--
Pity the poor electron, floating around minding its own business for
billions of years; and then suddenly Bam!! -- annihilated just so
you could read this posting.
 
Reply With Quote
 
Scott Emick
Guest
Posts: n/a
 
      05-11-2004
We do have unrestricted. So how hard would it be for me to upgrade
the IOS on the box with a contigency for rollback, since this is our
production box for e-commerce website etc. ???

Thanks,

Scott Emick

(E-Mail Removed)-cnrc.gc.ca (Walter Roberson) wrote in message news:<c7o6n4$1kg$(E-Mail Removed)>...
> In article <(E-Mail Removed) >,
> Scott Emick <(E-Mail Removed)> wrote:
> :Yes my question was can I upgrade to 6.3 and are there any additional
> :requirements. We want the 3DES.
>
> Your PIX-520-XM with the hardware you showed should not require anything
> addition to upgrade to PIX 6.3.
>
> The base PIX software supports 3DES, but you need the proper activation
> key for it. After you do the PIX 6.3 upgrade, you would fill out
> an online form on cisco.com (needs CCO registration, but does
> not need a support contract) and provided you fit the legal parameters,
> Cisco will send you a new activation key that you would then enter in.
> (There's a command in 6.2+ to allow you to enter a new activation
> key without reloading the software.)
>
> [Note: if you had a special feature on one of the PIXes, such as
> the 50-user license on a 501, or Unrestricted or Failover, then sometimes
> the key that gets generated will be missing the special feature, and
> you need to write to Cisco to get it straightened out. They are usually
> fairly prompt about it.]

 
Reply With Quote
 
Walter Roberson
Guest
Posts: n/a
 
      05-11-2004
In article <(E-Mail Removed) >,
Scott Emick <(E-Mail Removed)> top-posted:
:(E-Mail Removed)-cnrc.gc.ca (Walter Roberson) wrote in message news:<c7o6n4$1kg$(E-Mail Removed)>...
:> [Note: if you had a special feature on one of the PIXes, such as
:> the 50-user license on a 501, or Unrestricted or Failover, then sometimes
:> the key that gets generated will be missing the special feature, and
:> you need to write to Cisco to get it straightened out. They are usually
:> fairly prompt about it.]


:We do have unrestricted. So how hard would it be for me to upgrade
:the IOS on the box with a contigency for rollback, since this is our
roduction box for e-commerce website etc. ???

The PIX 520 used to be licensed by connection counts, but is now
feature-based. What I gathered, perhaps incorrectly, is that effectively
all PIX 520's running "new enough" software are equivilent to
Unrestricted, and thus there shouldn't be any potential problem
about a lower key being issued. http://www.velocityreviews.com/forums/(E-Mail Removed) (phone #1-800-553-2447
in Canada/USA) should be able to answer more authoratatively
about that.

Rolling back the PIX version should be about the same as installing
the PIX version in the first place -- but keep a copy of the old
config saved, as some of the configuration upgrades that are automatically
done upon the upgrade are not going to be recognized after the downgrade.
That could lead to some subtle problems; a few statements could effectively
get lost in an upgrade / downgrade cycle.

Upgrading or downgrading a PIX is not difficult in itself, but if
you are in the habit of using a tftp "master copy" of the
configuration instead of treating the PIX live configuration as the
"master copy", then after an upgrade you would want to tftp off
the pix running configuration and compare it to the saved configuration,
as some statements move around and some get extra parameters added
and so on. If your config is big, the comparison can take a while.
But it isn't usually hard, just tedious.

I should note, though, that none of my pixes would be considered
"production boxes" in the same sense as yours. If our PIX goes down
for a little, or has to be rebooted, or if I mess up the configuration a bit,
then it's not a big deal to us. If I were running a production
environment, I would keep a lab-bench duplicate device and run the
upgrade on it first (and possibly do a device swap at that point,
so as to keep downtime to a minimum.)
--
I wrote a hack in microcode,
with a goto on each line,
it runs as fast as Superman,
but not quite every time! -- Don Libes et al.
 
Reply With Quote
 
Joey
Guest
Posts: n/a
 
      05-11-2004
That sux about the 520 possibly not getting 7.0. I know of more
places running that one than any other model... And there's *nothing*
wrong with it technology-wise. After all they're all x86s'! Oh well.
:/

On 7 May 2004 16:37:09 GMT, (E-Mail Removed)-cnrc.gc.ca (Walter
Roberson) wrote:

>In article <(E-Mail Removed) >,
>Scott Emick <(E-Mail Removed)> wrote:
>:This is what I have:
>
>:Cisco PIX Firewall Version 6.1(1)
>:Cisco PIX Device Manager Version 1.0(2)
>
>:Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 350 MHz
>:Flash i28F640J5 @ 0x300, 16MB
>
>
>You accidently omitted the question
>
>If the question is whether 6.3(3) is supported on that hardware,
>the answer is Yes, the PIX-520 and PIX-520-XM (which is what you
>probably have) with 128 Mb RAM and 16 Mb flash is supported by 6.3(3).
>
>
>You should, though, not expect to be able to upgrade to PIX 7.0 when
>it is released from beta -- my "reading between the lines" is that
>the 510 and 520 will not be supported, and it that is plausible that
>the 506 and 515 might not be either (but that the 506E and 515E would
>likely be supported.)


 
Reply With Quote
 
John Llort
Guest
Posts: n/a
 
      05-13-2004

"Joey" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> That sux about the 520 possibly not getting 7.0. I know of more
> places running that one than any other model... And there's *nothing*
> wrong with it technology-wise. After all they're all x86s'! Oh well.
> :/


But then how will cisco sell new hardware?, the 520 is old and has been
EOL'ed


 
Reply With Quote
 
John Llort
Guest
Posts: n/a
 
      05-13-2004

>
> You should, though, not expect to be able to upgrade to PIX 7.0 when
> it is released from beta -- my "reading between the lines" is that
> the 510 and 520 will not be supported, and it that is plausible that
> the 506 and 515 might not be either (but that the 506E and 515E would
> likely be supported.)
> --
> vi -- think of it as practice for the ROGUE Olympics!


Last I heard the 515 and 506 (non e models) will be supported but the 520
will never move beyond 6.3.x


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
instructions on how to perform an IOS upgrade on a Catalyst 6500 switch (IOS to IOS) Mike Rahl Cisco 1 05-30-2007 05:22 PM
newbie - pix 520/ios 6.3(4) static routing problem vrankom@gmail.com Cisco 2 11-17-2006 01:51 PM
pix 501 and 520 ios douglas w scott Cisco 1 11-05-2004 05:11 AM
upgrade IOS Pix 520 TECHNISERV CISCO 3COM PROXIM Cisco 1 09-29-2004 11:24 AM
does cisco PIX 520 IOS 5.1 support ipsec over tcp? Scott Emick Cisco 1 07-16-2004 06:58 PM



Advertisments