If you have a Cisco PIX 515 and want to upgrade to the new 7.0 software, you are required to upgrade memory first. By default, the pix comes with 64Mb memory unless you buy a unit after the 7.0 software became generally available. What I am about to describe is by no means a recommendation on how to upgrade your pix – it just makes for good reading. :>)
Now that the disclaimer is out of the way, here is how I got my hardware prepped for the software upgrade in less than 20 minutes at a cost of $0.
First, I removed a 128Mb SDRAM memory module out of a recently decommissioned Dell GXi desktop computer and headed to the testlab. The PIX is a 515E model, but I believe the memory is the same in the original 515.
I backup up the configuration before I pulled the box out of the rack (very important). Once on the bench it is time to remove the cover.
To easiest way to get the cover off, is to just remove the top two screws from each rack mount bracket and then remove the four screws located on the rear of the top cover. Then press down on the top cover and push/slide back (toward the rear of the unit) until a gap in the front of the top cover is exposed. Once the gap is made, the cover will lift straight up.
This PIX had two 32Mb memory modules installed, so I removed both of them…
The new memory module went into the first memory slot which is the leftmost memory slot if you are looking down at the chassis from the front of the firewall. In this picture taken from the side, it would be the rear slot.
Now, it’s time to put the cover back on – re-install into the rack and power up.
Here is the output at bootup after the memory has been installed…
CISCO SYSTEMS PIX FIREWALL
Embedded BIOS Version 4.3.207 01/02/02 16:12:22.73
Compiled by morlee
128 MB RAM
PCI Device Table.
Bus Dev Func VendID DevID Class Irq
00 00 00 8086 7192 Host Bridge
00 07 00 8086 7110 ISA Bridge
00 07 01 8086 7111 IDE Controller
00 07 02 8086 7112 Serial Bus 9
00 07 03 8086 7113 PCI Bridge
00 0D 00 8086 1209 Ethernet 11
00 0E 00 8086 1209 Ethernet 10
00 11 00 14E4 5823 Co-Processor 11
00 13 00 8086 B154 PCI-to-PCI Bridge
01 04 00 8086 1229 Ethernet 11
01 05 00 8086 1229 Ethernet 10
01 06 00 8086 1229 Ethernet 9
01 07 00 8086 1229 Ethernet 5
Cisco Secure PIX Firewall BIOS (4.2) #0: Mon Dec 31 08:34:35 PST 2001
Platform PIX-515E
System Flash=E******* @ 0xfff00000
Use BREAK or ESC to interrupt flash boot. Use SPACE to begin flash boot immediately. Flash boot in 10 seconds.
Reading 1962496 bytes of image from flash. ####
128MB RAM
mcwa i82559 Ethernet at irq 11 MAC: ****.****.****
mcwa i82559 Ethernet at irq 10 MAC: ****.****.****
mcwa i82559 Ethernet at irq 11 MAC: ****.****.****
mcwa i82559 Ethernet at irq 10 MAC: ****.****.****
mcwa i82559 Ethernet at irq 9 MAC: ****.****.****
mcwa i82559 Ethernet at irq 5 MAC: ****.****.****
System Flash=E******* @ 0xfff00000
BIOS Flash=am******* @ 0xd8000
Crypto5823 (revision 0×1)
———————————————————————–
|| ||
|| ||
|||| ||||
..:||||||:..:||||||:..
c i s c o S y s t e m s
Private Internet eXchange
———————————————————————–
Cisco PIX Firewall
Cisco PIX Firewall Version 6.3(4)
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES-AES: Disabled
Maximum Physical Interfaces: 6
Maximum Interfaces: 10
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has an Unrestricted (UR) license.
****************************** Warning *******************************
Compliance with U.S. Export Laws and Regulations – Encryption.
This product performs encryption and is regulated for export
by the U.S. Government.
This product is not authorized for use by persons located
outside the United States and Canada that do not have prior
approval from Cisco Systems, Inc. or the U.S. Government.
This product may not be exported outside the U.S. and Canada
either by physical or electronic means without PRIOR approval
of Cisco Systems, Inc. or the U.S. Government.
Persons outside the U.S. and Canada may not re-export, resell
or transfer this product by either physical or electronic means
without prior approval of Cisco Systems, Inc. or the U.S.
Government.
******************************* Warning *******************************
Copyright (c) 1996-2003 by Cisco Systems, Inc.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software – Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
outside interface address added to PAT pool
Cryptochecksum(unchanged): ******** ******** ******** ********
Type help or ‘?’ for a list of available commands.
pixlab> en
Username: cisco
Password: *****
pixlab# sh ver
Cisco PIX Firewall Version 6.3(4)
Cisco PIX Device Manager Version 3.0(1)
Compiled on Fri 02-Jul-04 00:07 by morlee
pixlab up 37 secs
Hardware: PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz
Flash E******** @ 0×300, 16MB
BIOS Flash AM******* @ 0x********, 32KB
Encryption hardware device : VAC+ (Crypto5823 revision 0×1)
0: ethernet0: address is ****.****.****, irq 10
1: ethernet1: address is ****.****.****, irq 11
2: ethernet2: address is ****.****.****, irq 11
3: ethernet3: address is ****.****.****, irq 10
4: ethernet4: address is ****.****.****, irq 9
5: ethernet5: address is ****.****.****, irq 5
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES-AES: Disabled
Maximum Physical Interfaces: 6
Maximum Interfaces: 10
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has an Unrestricted (UR) license.
Serial Number: ********* (0x********)
Running Activation Key: 0x******** 0x******** 0x******** 0x********
Configuration has not been modified since last system restart.
pixlab#
Cool, it worked. Part two of this story will be the actual software upgrade. Enjoy….