[分享] Running PIX OS version 7.x on a 506E model

collected, equipment, knowledge, software

Before proceeding, keep in mind that Cisco will no longer support your hardware or software after doing this, so don’t bother trying to get support for it. I’ve decided to share this knowledge to assist those who are less fortunate to have access to a 515 model or ASA. Considering we pay enough money for books, classes, and equipment, this will help tremendously with studying for the CCIE-Security exam.
I’ve collected information from various forums and have concluded that none of the methods explained really work. Maybe because people don’t really want to share the information or maybe it’s because they are worried that Cisco will find out.
FYI, I’ve condensed the ’show’ outputs to allow for easier reading.
Here is what I’ve done to get the code to run.
You can’t do the upgrade with only 32MB of RAM, you will need 64MB. Lucky for me I had 2 506E models to use. I took the RAM from one unit and placed in the slot of the PIX I wanted to upgrade.
When you run a ’show version’, you should see the following output:
pixfirewall(config)# sh ver
Cisco PIX Firewall Version 6.3(5)
Compiled on Thu 04-Aug-05 21:40 by morlee
pixfirewall up 5 mins 45 secs
Hardware: PIX-506E, 64 MB RAM, CPU Pentium II 300 MHz
Flash E28F640J3 @ 0×300, 8MB
Notice the 64MB of RAM. This is important if you want to continue.
Next, I downloaded the pdm-304.bin file from Cisco’s website and renamed it to fakepdm.bin.
I started up the TFTP server and ran ‘copy tftp flash:pdm’ on the PIX.
pixfirewall(config)# copy tftp flash:pdm
Address or name of remote host [0.0.0.0]? 192.168.1.35
Source file name [cdisk]? fakepdm.bin
copying tftp://192.168.1.35/fakepdm.bin to flash:pdm
[yes|no|again]? yes
Erasing current PDM file
Writing new PDM file
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!tftp: Timed out during transfer
Erasing partial PDM file
PDM file not installed.
pixfirewall(config)#
After this message appears “Erasing current PDM file”, unplug the ethernet cable from the PIX. As you can see by my output above, the writing new PDM portion times out. Then you will see that the PIX is ‘Erasing partial PDM file’ and ‘PDM file not installed’.
You’ve basically cleared enough space in flash memory to run any upgrade.
I’ve decided to upgrade to version 7.01 only. It’s your choice if you want to go higher. I’m only doing this to prove that it CAN be done.
Next, I ran the upgrade as normal by issuing ‘copy tftp flash:image’ and used the pix701.bin file.
pixfirewall(config)# copy tftp flash:image
Address or name of remote host [0.0.0.0]? 192.168.1.35
Source file name [cdisk]? pix701.bin
copying tftp://192.168.1.35/pix701.bin to flash:image
[yes|no|again]? yes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Received 5124096 bytes
Erasing current image
Writing 5066808 bytes of image
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Image installed
pixfirewall(config)#
Once you reload the PIX, you will see several messages. Do not abort the reload/reboot sequence. It’s normal what you are about to see. The 7.x code is what’s causing the following output to appear that way. Just sit back and wait for the prompt.
pixfirewall(config)# reload
Proceed with reload? [confirm]
Rebooting..\uffff
Old file system detected. Attempting to save data in flash
Initializing flashfs…
flashfs[7]: Checking block 0…block number was (2423)
flashfs[7]: erasing block 0…done.
flashfs[7]: Checking block 1…block number was (24879)
flashfs[7]: erasing block 1…done.
flashfs[7]: Checking block 2…block number was (-16063)
flashfs[7]: erasing block 2…done.
…
flashfs[7]: erasing block 60…done.
flashfs[7]: Checking block 61…block number was (0)
flashfs[7]: erasing block 61…done.
flashfs[7]: 0 files, 1 directories
flashfs[7]: 0 orphaned files, 0 orphaned directories
flashfs[7]: Total bytes: 7870464
flashfs[7]: Bytes used: 1024
flashfs[7]: Bytes available: 7869440
flashfs[7]: flashfs fsck took 90 seconds.
flashfs[7]: Initialization complete.
Saving the datafile
!
Saving a copy of old datafile for downgrade
!
Saved the activation key from the flash image
Saved the default firewall mode (single) to flash
Saving image file as image.bin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Upgrade process complete
Need to burn loader….
Erasing sector 0…[OK]
Burning sector 0…[OK]
Once the checking and erasing is complete, you will notice that your 506E is now running 7.0(1) code.
Cisco PIX Security Appliance Software Version 7.0(1)
I guess now after knowing this, the sales prices for the 506Es on eBay will start to come down.