原创 pix525 6.3(5) 升级到8.04 过程
合集下载
相关主题
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
INFO: converting 'fixup protocol dns maximum-length 512' to MPF commands
INFO: converting 'fixup protocol ftp 21' to MPF commands
INFO: converting 'fixup protocol h323_h225 1720' to MPF commands
9、配上接口地址,TFTP服务器地址等等,开始TFTP下载新版PIXOS。
monitor> address 192.168.1.1
address 192.168.1.1
monitor> server 192.168.1.2
server 192.168.1.2
monitor> ping 192.168.1.2
Sending 5, 100-byte 0x7970 ICMP Echoes to 10.32.2.78, timeout is 4 seconds:
!!!!!
Success rate is 100 percent (5/5)
monitor> file pix804.bin
file pix701.bin
flashfs[7]: erasing block 125...done.
flashfs[7]: 0 files, 1 directories
flashfs[7]: 0 orphaned files, 0 orphaned directories
flashfs[7]: Total bytes: 16128000
pixfirewall(config)# exit
pixfirewall# ping 192.168.1.2
6、好了,重启PIX,准备升级。
这是启动的画面,比较多字符。
按esc中断FLASH引导,进入monitor模式下。
Wait.....
monitor>
Invalid or incorrect command. Use 'help' for help.
UR版本防火墙上直接可以PING通192.168.1.2
但FO版本防火墙就是要清除配置文件才可以PING通。
pixfirewall# conf t
pixfirewall(config)#clear config all
PIX525UR与FO版本的8.04版本是一样的。
pixfirewall#copy tftp flash
1.查看当前版本
pixfirewall# sh ver
Cisco PIX Firewall Version 6.3(4)
2、检查一下flash能不能访问:
pixfirewall# sh flash
3、检查原来的配置,保存之
pixfirewall# sh ru
pixfirewall# wr
INFO: converting 'fixup protocol skinny 2000' to MPF commands
INFO: converting 'fixup protocol smtp 25' to MPF commands
Cisco PIX Security Appliance Software Version 8.0(4)
xfirewall# wr
18、最后重启大功告成
pixfirewall# reload
14、启动完成,看看有没有什么新变化
pixfirewall> en
Password:
pixfirewall# sh run
: Saved
PIX Version 8.0(4)
15、查看新版本
pixfirewall# sh ver
pixfirewall# sh flash
16、记得重新安装一次COPY一次到FLASH
flashfs[7]: Bytes used: 1024
flashfs[7]: Bytes available: 16126976
flashfs[7]: flashfs fsck took 161 seconds.
flashfs[7]: Initialization complete.
12、继续引导:
monitor> tftp
tftp pix804.bin@192.168.1.2
…………
Received 7124096 bytes
Cisco PIX Security Appliance admin loader (3.0) #0: Thu sep 31 21:03:05 PST 2008
INFO: converting 'fixup protocol rsh 514' to MPF commands
INFO: converting 'fixup protocol rtsp 554' to MPF commands
INFO: converting 'fixup protocol sip 5060' to MPF commands
####################################################
……
512MB RAM
10、下载完之后,PIX直接用新版PIXOS启动了
11、这里是检查整理一遍FLASH,并把原来的PIXOS映像存成image_old.bin
Initializing flashfs...
Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
--------------------------------------------------------------------------
13、自动转换一些配置
Cryptochecksum(unchanged): a24fcf17 7e777a56 ca8e0420 377bb244
monitor> interface 0
0: i8255X @ PCI(bus:0 dev:2 irq:255)
1: i8255X @ PCI(bus:0 dev:1 irq:255)
Using 0: i82559 @ PCI(bus:0 dev:2 irq:255), MAC: 000e.0c5f.a3f0
4、检查一下PIX上的interface,查看其工作状态:
pixfirewall# sh int
5、我在这里先配了一个FE口测试与终端的连通性,以便确保等一阵可以用TFTP(这个可以不配置)
pixfirewall(config)# ip address inf0 192.168.1.1 255.255.255.0
flashfs[7]: Checking block 0...block number was (-10627)
…………
flashfs[7]: erasing block 0...done.
flashfs[7]: Checking block 125...block number was (-1)
17、修改启动的版本
pixfirewall# conf t
pixfirewall(config)# boot system flash:pix804.bin
INFO: Converting flash:pix804.bin to flash:/pix804.bin
pixfirewall(config)# end
INFO: converting 'fixup protocol h323_ras 1718-1719' to MPF commands
INFO: converting 'fixup protocol http 80' to MPF commands
INFO: converting 'fixup protocol netbios 137-138' to MPF commands
7、查看在monitor下可用的interface,肯定就是那两个FE口了。
monitor> interface
0: i8255X @ PCI(bus:0 dev:2 irq:255)
1: i8255X @ PCI(bus:0 dev:1 irq:255)
8、这里我选用第一个fe口,就是刚才测试过的那个口
INFO: converting 'fixup protocol ftp 21' to MPF commands
INFO: converting 'fixup protocol h323_h225 1720' to MPF commands
9、配上接口地址,TFTP服务器地址等等,开始TFTP下载新版PIXOS。
monitor> address 192.168.1.1
address 192.168.1.1
monitor> server 192.168.1.2
server 192.168.1.2
monitor> ping 192.168.1.2
Sending 5, 100-byte 0x7970 ICMP Echoes to 10.32.2.78, timeout is 4 seconds:
!!!!!
Success rate is 100 percent (5/5)
monitor> file pix804.bin
file pix701.bin
flashfs[7]: erasing block 125...done.
flashfs[7]: 0 files, 1 directories
flashfs[7]: 0 orphaned files, 0 orphaned directories
flashfs[7]: Total bytes: 16128000
pixfirewall(config)# exit
pixfirewall# ping 192.168.1.2
6、好了,重启PIX,准备升级。
这是启动的画面,比较多字符。
按esc中断FLASH引导,进入monitor模式下。
Wait.....
monitor>
Invalid or incorrect command. Use 'help' for help.
UR版本防火墙上直接可以PING通192.168.1.2
但FO版本防火墙就是要清除配置文件才可以PING通。
pixfirewall# conf t
pixfirewall(config)#clear config all
PIX525UR与FO版本的8.04版本是一样的。
pixfirewall#copy tftp flash
1.查看当前版本
pixfirewall# sh ver
Cisco PIX Firewall Version 6.3(4)
2、检查一下flash能不能访问:
pixfirewall# sh flash
3、检查原来的配置,保存之
pixfirewall# sh ru
pixfirewall# wr
INFO: converting 'fixup protocol skinny 2000' to MPF commands
INFO: converting 'fixup protocol smtp 25' to MPF commands
Cisco PIX Security Appliance Software Version 8.0(4)
xfirewall# wr
18、最后重启大功告成
pixfirewall# reload
14、启动完成,看看有没有什么新变化
pixfirewall> en
Password:
pixfirewall# sh run
: Saved
PIX Version 8.0(4)
15、查看新版本
pixfirewall# sh ver
pixfirewall# sh flash
16、记得重新安装一次COPY一次到FLASH
flashfs[7]: Bytes used: 1024
flashfs[7]: Bytes available: 16126976
flashfs[7]: flashfs fsck took 161 seconds.
flashfs[7]: Initialization complete.
12、继续引导:
monitor> tftp
tftp pix804.bin@192.168.1.2
…………
Received 7124096 bytes
Cisco PIX Security Appliance admin loader (3.0) #0: Thu sep 31 21:03:05 PST 2008
INFO: converting 'fixup protocol rsh 514' to MPF commands
INFO: converting 'fixup protocol rtsp 554' to MPF commands
INFO: converting 'fixup protocol sip 5060' to MPF commands
####################################################
……
512MB RAM
10、下载完之后,PIX直接用新版PIXOS启动了
11、这里是检查整理一遍FLASH,并把原来的PIXOS映像存成image_old.bin
Initializing flashfs...
Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
--------------------------------------------------------------------------
13、自动转换一些配置
Cryptochecksum(unchanged): a24fcf17 7e777a56 ca8e0420 377bb244
monitor> interface 0
0: i8255X @ PCI(bus:0 dev:2 irq:255)
1: i8255X @ PCI(bus:0 dev:1 irq:255)
Using 0: i82559 @ PCI(bus:0 dev:2 irq:255), MAC: 000e.0c5f.a3f0
4、检查一下PIX上的interface,查看其工作状态:
pixfirewall# sh int
5、我在这里先配了一个FE口测试与终端的连通性,以便确保等一阵可以用TFTP(这个可以不配置)
pixfirewall(config)# ip address inf0 192.168.1.1 255.255.255.0
flashfs[7]: Checking block 0...block number was (-10627)
…………
flashfs[7]: erasing block 0...done.
flashfs[7]: Checking block 125...block number was (-1)
17、修改启动的版本
pixfirewall# conf t
pixfirewall(config)# boot system flash:pix804.bin
INFO: Converting flash:pix804.bin to flash:/pix804.bin
pixfirewall(config)# end
INFO: converting 'fixup protocol h323_ras 1718-1719' to MPF commands
INFO: converting 'fixup protocol http 80' to MPF commands
INFO: converting 'fixup protocol netbios 137-138' to MPF commands
7、查看在monitor下可用的interface,肯定就是那两个FE口了。
monitor> interface
0: i8255X @ PCI(bus:0 dev:2 irq:255)
1: i8255X @ PCI(bus:0 dev:1 irq:255)
8、这里我选用第一个fe口,就是刚才测试过的那个口