Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Anyone tried the new 7.0(1) software? 1
- Thread starter Joniels
- Start date
Tips to properly install and running ASDM on PIX OS 7.01
To install the ASDM from within the 7.0 pix you would copy tftp flash, give it the tftp server ip address, the source filename of the asdm file, and the destination filename.
Once the file is properly uploaded into the flash (which you can now verify with show flash in 7.0) you would just need to issue the command. "asdm image flash:/asdm-501.bin" of course replacing the asdm-501.bin with whatever you named the download of ASDM you have.
Pol
To install the ASDM from within the 7.0 pix you would copy tftp flash, give it the tftp server ip address, the source filename of the asdm file, and the destination filename.
Once the file is properly uploaded into the flash (which you can now verify with show flash in 7.0) you would just need to issue the command. "asdm image flash:/asdm-501.bin" of course replacing the asdm-501.bin with whatever you named the download of ASDM you have.
Pol
It is not possible to run the new version without matching the required RAM and flash. It will not run properly and PIX will keep on complain Insufficient Memory and ask you to upgrade, after that it reboots itself and prompt u the same message again.
I have upgraded my 525 to 7.0(1). The only problem so far is that it didn't convert my websense configuration, I had to re-enter it with the new syntax.
Otherwise it went great. I have a pretty complicated setup too (two ospf processes, failover, websense, multiple access-lists).
Otherwise it went great. I have a pretty complicated setup too (two ospf processes, failover, websense, multiple access-lists).
FYI for anyone who uses a PIX at their house using the 'ip address dhcp setroute' command..
There is a bug with this... When you reboot the box or do other things with the outside interface, it won't get its IP address correctly.. I've opened a TAC case, waiting to hear a fix..
Work around:
conf t
!
int eth0 (or outside interface)
shut
ip address dhcp setroute
no shut
!
end
There is a bug with this... When you reboot the box or do other things with the outside interface, it won't get its IP address correctly.. I've opened a TAC case, waiting to hear a fix..
Work around:
conf t
!
int eth0 (or outside interface)
shut
ip address dhcp setroute
no shut
!
end
Have a 525 running the production code now, was on the beta. It works pretty well, still behind some of the others in the market but it's large step in the right direction. Syngress is putting out a new book in a few months (weeks?) that is specific to the PIX using 7.0 code only. No references to 6.3 or earlier unless to make a point about whats been changed, dropped etc.
Major changes in the ca command structure, things like setting the ethernet interface speed/security are now interface commands, much like the router IOS, major changes in VPN commands, conduits are DOA as are fixup commands (now inspection) AAA has some minor and a few major changes, NAT has big changes and more. Alot of the changes will be either adding a parameter or two for an existing command or adjusting the command to be more IOS like. An example would be instead of using ca xxx, you will use crypto xxx. There is even a command to rollback (downgrade) to the old 6.3 code incase of major problems. The upgrade to 7.0 must take place from 6.3 code! Changes to ssh is now SSHv2 is supported along with SCOPY. NTP is pretty much the same but alot of syslog messages changed which is expected given the changes to VPN and etc.
This is the 100,000 foot view
it gets better the closer you get. Read the release notes! They answer alot of questions.
Mike S.
Home of the book "Network Security Using Linux"
Major changes in the ca command structure, things like setting the ethernet interface speed/security are now interface commands, much like the router IOS, major changes in VPN commands, conduits are DOA as are fixup commands (now inspection) AAA has some minor and a few major changes, NAT has big changes and more. Alot of the changes will be either adding a parameter or two for an existing command or adjusting the command to be more IOS like. An example would be instead of using ca xxx, you will use crypto xxx. There is even a command to rollback (downgrade) to the old 6.3 code incase of major problems. The upgrade to 7.0 must take place from 6.3 code! Changes to ssh is now SSHv2 is supported along with SCOPY. NTP is pretty much the same but alot of syslog messages changed which is expected given the changes to VPN and etc.
This is the 100,000 foot view
it gets better the closer you get. Read the release notes! They answer alot of questions.Mike S.
Home of the book "Network Security Using Linux"
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question
- Locked
- Question