升级PIX至8.0全过程

justsoso · 发表于 2007-6-26 21:25:01

此贴初始是PIX OS 7.0

准备好升级文件“pix802.bin”，注意这里是.bin文件，如果你手头是.rar文件，先解压里面就有我们升级需要的.bin。在PC上安装Cisco TFTP Server，双击运行。将“pix802.bin”升级文件复制到Cisco TFTP Server的安装目录下。（有需要的话先将PIX原有OS导出，请执行“copy flash tftp”,这里不在详细介绍)
废话少说，准备升级。
首先把以前的OS擦掉，别犹豫! 执行“erase flash”（平时可不能用这命令哦，会闯祸的!!!）
pixfirewall#erase flash
执行完这条命令后千万千万要注意不要重启。接下来我们给eht1口配个IP：192.168.1.1，我们要用这个口跟PC机的网口相连。同样我们还要给PC机配置一个IP：192.168.1.100（这个IP 不用说了，要跟PIX的eth1在同一个网段），我们要在PC上用ping的命令验证与PIX的连通性。
pixfirewall# con t

pixfirewall(config)# interface ethernet1 --进入端口模式
pixfirewall(config-if)# ip address 192.168.1.1 255.255.255.0 --配置e1口的IP

pixfirewall(config-if)# nameif inside --配置e1口为防火墙的inside口
NFO: Security level for "inside" set to 100 by default. --提示信息

pixfirewall(config-if)# no shutdown --激活inside口

pixfirewall(config-if)# ping 192.168.1.100                                                 --测试与PC机的连通性
Sending 5, 100-byte ICMP Echos to 192.168.1.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
注意:如果不能ping通的话，我们需要在PIX上加一条默认路由指向PC的IP地址。
pixfirewall(config)# route  inside  0  0 192.168.1.100
然后开始升级
pixfirewall# copy tftp flash                                                                复制tftp里的文件到flash里
Address or name of remote host []? 192.168.1.100                            升级文件所在的IP地址
Source filename []? pix802.bin                                                          要复制的文件
Destination filename [pix802.bin]?                                                       要放到flash里面显示的文件名
Accessing tftp://192.168.1.100/pix802.bin.. ... !!!!!!!!!!!!!!!!!!!
Writing file flash:/pix802.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
7188480 bytes copied in 140.770 secs (51346 bytes/sec)
pixfirewall# sh flash
Directory of flash:/
5
-rw-
7188480
01:20:07 Jan 01 1993
pix802.bin
15998976 bytes total (8808448 bytes free)

我们还有一个PIX图形化界面的包，以同样的方式复制到flash里。
pixfirewall# copy tftp flash
Address or name of remote host [192.168.1.100]?
Source filename [pix802.bin]? asdm-602.bin
Destination filename [asdm-602.bin]?
Accessing tftp://192.168.1.100/asdm-602.bin ... !!!!!!!!!!!!!!!!!!!
Writing file flash:/asdm-602.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
6889764 bytes copied in 149.320 secs (46240 bytes/sec)
pixfirewall#
pixfirewall# sh flash
Directory of flash:/5                   -rw-    7188480       01:20:07 Jan 01 1993
               pix802.bin    6       -rw-    6889764       01:25:10 Jan 01 1993
               asdm-602.bin                15998976 bytes total (1918464 bytes free)
pixfirewall# sh ver
Cisco PIX Security Appliance Software Version 8.0(2)
Compiled on Fri 15-Jun-07 18:25 by builders
System image file is "flash:/pix802.bin"
Config file at boot was "startup-config"
pixfirewall up 22 secs
Hardware:
PIX-515, 160 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB

0: Ext: Ethernet0 : address is 0005.328f.8b88, irq 11

1: Ext: Ethernet1  : address is 0005.328f.8b89, irq 10

2: Ext: Ethernet2 : address is 00d0.b780.aaaf, irq 9

3: Ext: Ethernet3 : address is 8080.0080.d29c, irq 7
Licensed features for this platform:
Maximum Physical Interfaces: 6

Maximum VLANs: 25

Inside Hosts: Unlimited
Failover: Active/Active
VPN-DES: Enabled

VPN-3DES-AES: Enabled

Cut-through Proxy: Enabled

Guards: Enabled

URL Filtering: Enabled

Security Contexts: 2

GTP/GPRS: Disabled

VPN Peers: Unlimited
This platform has an Unrestricted (UR) license.
Serial Number: 480361230
Running Activation Key: 0xd87f8b0c 0xb0c161cb 0x7580dcb2 0xcc0a71de
Configuration has not been modified since last system restart.

network · 发表于 2007-6-27 04:58:11

PIX升级与恢复
Rebooting....

Wait.....
PCI Device Table.
Bus Dev Func VendID DevID Class             Irq
00  00  00 8086 7192  Host Bridge
00  07  00 8086 7110  ISA Bridge
00  07  01 8086 7111  IDE Controller
00  07  02 8086 7112  Serial Bus       9
00  07  03 8086 7113  PCI Bridge
00  0D  00 8086 1209  Ethernet          11
00  0E  00 8086 1209  Ethernet          10
Cisco Secure PIX Firewall BIOS (4.0) #39: Tue Nov 28 18:44:51 PST 2000
Platform PIX-525
System Flash=E28F128J3 @ 0xfff00000
Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Flash boot interrupted.
0: i8255X @ PCI(bus:0 dev:14 irq:10)
1: i8255X @ PCI(bus:0 dev:13 irq:11)
Using 1: i82557 @ PCI(bus:0 dev:13 irq:11), MAC: 0030.8587.5a0d
Use ? for help.
monitor> int 1
0: i8255X @ PCI(bus:0 dev:14 irq:10)
1: i8255X @ PCI(bus:0 dev:13 irq:11)
Using 1: i82557 @ PCI(bus:0 dev:13 irq:11), MAC: 0030.8587.5a0d
monitor> address 192.168.2.222
address 192.168.2.222
monitor> server 192.168.2.199
server 192.168.2.199
monitor> file pix721.bin
file pix721.bin
monitor> ping 192.168.2.199
Sending 5, 100-byte 0x534b ICMP Echoes to 192.168.2.199, timeout is 4 seconds:
!!!!!
Success rate is 100 percent (5/5)
monitor> tftp
tftp [email=pix721.<a href=]bin@192.168.2.199[/email]" target="_blank">pix721.bin@192.168.2.199.......................................................................................................

Monitor模式下升级IOS是写入内存的，引导后需要再次将IOS写入Flash.
密码恢复方式与升级相同，只需将IOS换为对应版本的恢复软件

配置步骤如下：
重起PIX
ESC进入监视模式
interface
interface 0
address 10.0.0.1
server 10.0.0.2
file pix704.bin
ping 10.0.0.2
tftp
IOS会加载引导
进入7。0后，到这里升级只到了一半
en
conf t
interface e1
nameif inside
ip address 10.0.0.1 255.255.255.0
no shut
end
ping 10.0.0.2
copy tftp: flash:

conf t
boot system flash:/pix704.bin
show bootv
wr

network · 发表于 2008-10-23 08:38:36

PIX 515E-R IOS升级收藏

PIX 515E-R IOS升级收藏

1．PIX 515E- R、PIX 515E-UR、PIX 515E-FO系列

Cisco PIX 515E"有限制"（PIX 515E-R）型号可以为那些寻求具有最低限度接口密度和VPN吞吐量的、强大的Cisco PIX防火墙的企业提供出色的价值。

Cisco PIX 515E的"无限制"（PIX 515E-UR）型号可以通过集成化的、基于硬件的VPN加速支持状态故障恢复、添加LAN接口和增加VPN吞吐量，从而拓展了这个系列的功能。

Cisco PIX 515E的"故障恢复"（PIX 515E-FO）型号采用了独特的设计，可以与一个PIX 515E-UR协作，提供一个成本非常低廉的、高可用性的解决方案。

2．软件使用许可证

软件使用许可证（activation key）决定了PIX的型号是R、UR还是FO，而不是由PIX的IOS版本决定，因此升级IOS并不会改变PIX的型号。

软件使用许可证由4段8位十六进制数组成，需要从思科公司购买获得。

3．不同IOS版本的升级方法

PIX 5.1之前的版本升级IOS需要从monitor模式进行，PIX5.1之后的版本支持通过执行copy tftp flash命令来升级IOS。

本次IOS升级是从pix6.3(3)升级到pix6.3(4)，因此下面使用copy tftp flash升级IOS。

■ 升级前的准备

1．  TFTP服务软件

2．  pix6.3(3).bin和pix6.3(4).bin文件

3．  记录下show version中的信息，如序列号、软件许可证等信息(附1)

■ 建立TFTP服务器

1．将TFTP软件安装在局域网内的任一台PC上，并运行。

2．点击‘查看’->‘选项’设置TFTP文件存放的根目录，以后上传下载的文件均取自此目录

3．将pix6.3(4).bin放入TFTP服务器的根目录下

■ 使用copy tftp flash命令升级IOS

pix515e(config)# copy tftp flash

Address or name of remote host [] ? 192.1.2.66  //TFTP服务器的IP地址

Source filename [] ? pix634.bin             //TFTP服务器根目录下的IOS文件名

Destination filename [img] ? pix634.bin    //保存到flash上的IOS文件名

Accessing tftp://192.1.2.66/pix634.bin...!!!!!!!!!!

…………

Writing file flash:pix634.bin...

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

……

■ 重启PIX完成升级

pix515e# reload

■ 查看PIX版本信息

pix515e# show version

Cisco PIX Firewall Version 6.3(4)

Cisco PIX Device Manager Version 3.0(2)

Compiled on Fri 02-Jul-04 00:07 by morlee

pix515e up 4 hours 45 mins

Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz

Flash E28F128J3 @ 0x300, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: ethernet0: address is 0013.1952.79f6, irq 10

1: ethernet1: address is 0013.1952.79f7, irq 11

2: ethernet2: address is 00a9.400f.e174, irq 11

Licensed Features:

Failover:                   Disabled

VPN-DES:                   Enabled

VPN-3DES-AES:             Disabled

Maximum Physical Interfaces: 3

Maximum Interfaces:       5

Cut-through Proxy:          Enabled

Guards:                   Enabled

URL-filtering:             Enabled

Inside Hosts:             Unlimited

Throughput:                Unlimited

IKE peers:                Unlimited

This PIX has a Restricted (R) license.

Serial Number: ********

Running Activation Key: ********

Configuration last modified by enable_15 at 17:27:18.917 UTC Wed Apr 18 2007

附1. 升级前的版本信息

Cisco PIX Firewall Version 6.3(3)

Cisco PIX Device Manager Version 3.0(2)

Compiled on Wed 13-Aug-03 13:55 by morlee

pix515e up 26 mins 26 secs

Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz

Flash E28F128J3 @ 0x300, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: ethernet0: address is 0013.1952.79f6, irq 10

1: ethernet1: address is 0013.1952.79f7, irq 11

2: ethernet2: address is 00a9.400f.e174, irq 11

Licensed Features:

Failover:                   Disabled

VPN-DES:                   Enabled

VPN-3DES-AES:             Disabled

Maximum Physical Interfaces: 3

Maximum Interfaces:       5

Cut-through Proxy:          Enabled

Guards:                   Enabled

URL-filtering:             Enabled

Inside Hosts:             Unlimited

Throughput:                Unlimited

IKE peers:                Unlimited

This PIX has a Restricted (R) license.

Serial Number: ********

Running Activation Key: ********

Configuration last modified by enable_15 at 16:28:26.323 UTC Thu Apr 12 2007

network · 发表于 2008-10-25 13:08:47

另外可以实现不格式化7.0的IOS，同步考倍8.0.起来后再煽掉7.0。可保证不间断升级。配置同步升级

账号		自动登录	找回密码
密码			注册