PIX 515E - Downgrade from 7.0 to 5.29 Mayhem

 
 
Randal T. Rioux
07-31-2006

I have a client who requires a security audit for a 525 with 5.29
running. All the other systems have been 6.x or 7.x. Needless to say I
haven't touched 5.x since Clinton was president.

My test machine here is a 515E with the following specs:

Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:35 PST 2001
Hardware: PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

After erasing the current image (I like a clean chip) and flashing the
pix529.bin image, I get either one of the following errors when booting
(depending on how I smack it around):

1. Image must be at least 7-0-0-0 error in file flash:/image.bin
No bootable image in flash. Please download an image from a network
server in the monitor mode

Failed to find an image to boot

2. No bootable image in flash. Please download an image from a
network server in the monitor mode

Failed to find an image to boot

Am I missing something? Would there be any reason for this image not to
work on a 515E? I've never downgraded, so something may need to be done
differently and I just don't know how.

Thanks for any help folks!

--
Randal T. Rioux | Procyon Labs
IT Security R&D and Consulting
Virtual: www.procyonlabs.com
Physical: DC / Baltimore
PGP: gpg --keyserver pgp.mit.edu --recv-keys 0xD08D1941



--
Posted via a free Usenet account from http://www.teranews.com

 
Walter Roberson
 
      07-31-2006
In article <44cd4a5f$0$16223$(E-Mail Removed)>,
Randal T. Rioux <(E-Mail Removed)> wrote:

>I have a client who requires a security audit for a 525 with 5.29
>running. All the other systems have been 6.x or 7.x. Needless to say I
>haven't touched 5.x since Clinton was president.


>My test machine here is a 515E with the following specs:


>Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:35 PST 2001
>Hardware: PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz


Tricky. The first version of PIX OS that supported the 515E at
all was PIX 5.2(7), just two subreleases before the version you
are attempting to test. And in PIX 5 and PIX 6, the maximum RAM
permitted on the 515E is 64 Kb.

>After erasing the current image (I like a clean chip) and flashing the
>pix529.bin image, I get either one of the following errors when booting
>(depending on how I smack it around):


Have you tried "flashfs" first? PIX 5 used a different flash file
system directory organization.

Using "flashfs" is tricky: as best I can tell, after using it
you next have to drop down to the monitor mode. If you save your
configuration or if you reboot even once before going into the
monitor, then PIX OS will restore the old flashfs directory structure.
 
Randal T. Rioux
07-31-2006

Walter Roberson wrote:
> In article <44cd4a5f$0$16223$(E-Mail Removed)>,
> Tricky. The first version of PIX OS that supported the 515E at
> all was PIX 5.2(7), just two subreleases before the version you
> are attempting to test. And in PIX 5 and PIX 6, the maximum RAM
> permitted on the 515E is 64 Kb.


Does this mean I have to yank half the RAM out, or will it just not
address the excess?

> Have you tried "flashfs" first? PIX 5 used a different flash file
> system directory organization.
>
> Using "flashfs" is tricky: as best I can tell, after using it
> you next have to drop down to the monitor mode. If you save your
> configuration or if you reboot even once before going into the
> monitor, then PIX OS will restore the old flashfs directory structure.


I can't figure out how to issue flashfs on 7.0(4) (current running
image, and the only one that seems to run).

It seems the problem may go deeper. I got the following message at boot
after flashing 6.1(5) on the box:

An internal assertion check has failed.
Copy the following message exactly as it appears,
along with any visible version strings, and
then call your support representative.

assertion "addr < sfmm_chip_size" failed: file "../flash/sfmm.c", line 255

I tried 5.2(9) again and got the same message. I'm perplexed!

Thanks for your fast response...
Randy


Walter Roberson
07-31-2006
In article <(E-Mail Removed)>,
Randal T. Rioux <(E-Mail Removed)> wrote:
>Walter Roberson wrote:
>> And in PIX 5 and PIX 6, the maximum RAM
>> permitted on the 515E is 64 Kb.


>Does this mean I have to yank half the RAM out, or will it just not
>address the excess?


I don't know; I've seen conflicting reports on that point. It
appears to vary according to how far back you are going.

>I can't figure out how to issue flashfs on 7.0(4) (current running
>image, and the only one that seems to run).


Looks like the appropriate command is "downgrade":
http://www.cisco.com/univercd/cc/td/....htm#wp1263742

It appears that you cannot directly go lower than 6.2 with that
command.


>It seems the problem may go deeper. I got the following message at boot
>after flashing 6.1(5) on the box:


> An internal assertion check has failed.


> assertion "addr < sfmm_chip_size" failed: file "../flash/sfmm.c", line 255


That looks to me like something related to RAM size.
 
Sioban
07-31-2006

>> I can't figure out how to issue flashfs on 7.0(4) (current running
>> image, and the only one that seems to run).

>
> Looks like the appropriate command is "downgrade":
> http://www.cisco.com/univercd/cc/td/....htm#wp1263742
>
> It appears that you cannot directly go lower than 6.2 with that
> command.


Yep, that's the command you need to use. flashfs has been modified; any attempt to flash with an
old binary is hazardous.

You'll have to downgrade to 6.3 or 6.2 and then flash with 5.29 firmware. (I think so)
 
Randal T. Rioux
07-31-2006

Sioban wrote:
>>> I can't figure out how to issue flashfs on 7.0(4) (current running
>>> image, and the only one that seems to run).

>> Looks like the appropriate command is "downgrade":
>> http://www.cisco.com/univercd/cc/td/....htm#wp1263742
>>
>> It appears that you cannot directly go lower than 6.2 with that
>> command.

>
> Yep that's the command you need to use, flashfs has been modified, any attempt to flash with an
> old binary is hazardous.
>
> You'll have to downgrade to 6.3 or 6.2 and then flash with 5.29 firmware. (I think so)


hmmmm... this may be a dumb question, but will I have any problems
loading 7 back on there when I'm done testing 5?

Thanks!
Randy


Walter Roberson
08-01-2006
In article <(E-Mail Removed)>,
Randal T. Rioux <(E-Mail Removed)> wrote:
>hmmmm... this may be a dumb question, but will I have any problems
>loading 7 back on there when I'm done testing 5?


You might have to load 6.2 first.
 
Randal T. Rioux
08-01-2006

Sioban wrote:
>>> I can't figure out how to issue flashfs on 7.0(4) (current running
>>> image, and the only one that seems to run).

>> Looks like the appropriate command is "downgrade":
>> http://www.cisco.com/univercd/cc/td/....htm#wp1263742
>>
>> It appears that you cannot directly go lower than 6.2 with that
>> command.

>
> Yep that's the command you need to use, flashfs has been modified, any attempt to flash with an
> old binary is hazardous.
>
> You'll have to downgrade to 6.3 or 6.2 and then flash with 5.29 firmware. (I think so)


WOOHOO!

Worked great. Just had to use "downgrade tftp://x.x.x.x/pix529.bin" and
it reformatted the flash perfectly. I can't thank you guys enough!

Now I need to get some work done

Randy


