how to upgrade to ASDM for pix 515e ?

[cisco99999]

Hello everyone,

I currently have a pix 515e, and i like to upgrade to use ASDM, I checked the cisco for hardware requirement and it says my pix is ok for ASDM.

===============================
pixfirewall# sh ver

Cisco PIX Security Appliance Software Version 7.0(2)

Compiled on Fri 15-Jul-05 22:55 by builders
System image file is "flash:/image.bin"
Config file at boot was "startup-config"

pixfirewall up 54 mins 5 secs

Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: Ext: Ethernet0 : address is 0016.4616.0990, irq 10
1: Ext: Ethernet1 : address is 0016.4616.0991, irq 11
2: Ext: Ethernet2 : address is 000e.0ca1.574c, irq 11

Licensed features for this platform:
Maximum Physical Interfaces : 3
Maximum VLANs : 10
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Disabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : Unlimited

This platform has a Restricted (R) license.

Running Activation Key: 0xecf126c5 0x90562e44 0xeff03b50
Configuration has not been modified since last system restart.
===================================

and here is sh configure
==================================
pixfirewall# sh configuration
: Saved
: Written by enable_15 at 21:09:17.180 UTC Tue Nov 15 2005 is 000e.0ca1.574c, irq 11
PIX Version 6.3(5)

Lic
interface ethernet0 auto shutdow
nameif ethernet1 inside security100 : Disabled
nameif ethernet2 intf2 security4DES : Enable
enable password 8Ry2YjIyt7RRXU24 encrypted3DES-AES : Disabled
passwd 2KFQnbNIdI.2KYOU encrypted-through Proxy : Enable
hostname pixfirewall
Gu
fixup protocol dns maximum-length 512
UR
fixup protocol ftp 21 : Enabled
fixup protocol h323 h225 1720Security Contexts :
fixup protocol h323 ras 1718-1719GTP/GPRS : Dis
fixup protocol http 80
V
fixup protocol rsh 514 : Unlimited
fixup protocol rtsp 554

This platform
fixup protocol sip 5060cense.
fixup protocol sip udp 5060Serial Number: 809461756
fixup protocol

mtu outside 1500
mtu inside 1500
mtu intf2 1500ixfirewall# sh
no ip address outside
pixfirewall# sh
ip address inside 192.168.1.1 255.255.255.0
: Saved
: Written by enable_15 at
no ip address intf2 Nov 15 2005
ip audit info action alarm
P
ip audit attack action alarm
interface ethernet0 a
pdm logging informational 100
interface eth
pdm history enable
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:989949849206f8b7cc32777052c601e2
pixfirewall#
=====================================

What should i do first ? thanks

 

[garnetbobcat]

You need to download the right ASDM image for your PIX code and then follow the steps in this document.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008067e9f9.shtml

The third section shows you how to do it with the CLI, since you don't already have ASDM installed.

Matt
CCSP

http://www.wr-mem.com

 

[cisco99999]

Can i ask what's software they used in that guide ?

http://www.cisco.com/warp/public/110/upgrade-pix-asa7x-asdm-a.gif

For pix 515e, what's software to use for this purpose ? sorry about newbie questions.

 

[garnetbobcat]

Since you're running Pix 7.0(2) you need to download ASDM 5.0(2) from Cisco's Software Center.

asdm-502.bin

Go here to download the software. You will need a Cisco.com login with a valid service contract associated to it.

http://www.cisco.com/cgi-bin/apps/tblbld/tablebuild.pl/pix?sort=date DESC

Matt
CCSP

http://www.wr-mem.com

 

[cisco99999]

Thanks Matt, but what software do i need to load the asdm-502.bin for pix 515e ? I just can't find any tutorial for do that manually by commands.

 

[garnetbobcat]

That doc shows how to install ASDM via ASDM and also via the command line interface (CLI). The third section shows how to do it via the CLI. Here is the direct link to that section:

http://www.cisco.com/en/US/products...ation_example09186a008067e9f9.shtml#maintask2

Basically you need to use TFTP to get the ASDM image on the PIX and then you need to use the asdm image command to tell the PIX what ASDM image to use. After that you need enable the http server. The steps are in the doc, but let us know if you need additional assistance.

Example:

copy tftp flash:
Address or name of remote host []? 172.16.31.1
Source filename []? asdm-502.bin
Destination filename [asdm-502.bin]?
Accessing tftp://172.16.31.1/asdm-502.bin...!!!!!!!!

asdm image flash:/asdm-502.bin
http server enable
http 192.168.1.0 255.255.255.0 inside
(where the address and mask are the address and mask of the host(s) you want to manage the PIX from)



Matt
CCSP

http://www.wr-mem.com