2-30
Installation Guide for the Cisco Secure PIX Firewall Version 5.2
78-11180-01
Chapter 2 Installing a PIX Firewall
Software Installation Notes
The following is an example session:
Cisco Secure PIX Boothelper Version 5.2(1)
pixboothelper> a 10.132.12.66
address:10.132.12.66
pixboothelper> s 10.129.0.2
server 10.129.0.2
pixboothelper> i 0
current interface is 0
0: i82557 @ PCI(bus:0 dev:13 irq:11) ethernet0 100basetx
1: i82557 @ PCI(bus:0 dev:14 irq:10) ethernet1 not_init
2: i82557 @ PCI(bus:0 dev:15 irq:15) ethernet2 not_init
pixboothelper> f pix-5.2.1-release
file pix-5.2.1-release
pixboothelper> tftp
tftp
pix-5.2.1-release@10.129.0.2...........................................................
................................
Step 9 After the image downloads, you are prompted to install the new image. Enter y.
Step 10 When you are prompted, enter your activation key.
Step 11 After you enter your activation key, PIX Firewall prompts you to remove the Boothelper diskette. You
have 30 seconds to remove the diskette. During this time you have three options:
a. Remove the diskette and reboot the unit with the reboot switch.
b. Use the reload command while the diskette is in the unit.
c. After the interval, the PIX Firewall will automatically boot from the Boothelper diskette.
After Boothelper downloads the PIX Firewall image via TFTP, it verifies the checksum of the image. If
it is not version 5.1 or later, it displays the message “Checksum verification on flash image failed” and
reboots the PIX Firewall.
Keep the Boothelper diskette available for future upgrades. You will need to repeat these steps whenever
you download an image to your PIX Firewall unit. Alternatively, you can use the copy tftp flash
command to download an image directly from the PIX Firewall command line. Refer to “Using the copy
tftp flash Command” for more information.
Downloading a Software Image over TFTP
The PIX 506, PIX 515, and PIX 525 receive their boot image from either Flash memory or by
downloading the image from a TFTP server. You can obtain a TFTP server as an option from Cisco, you
can use the TFTP server provided with UNIX, or you can use a TFTP server available for your
computer.
You can download a free TFTP server from Cisco at the following site:
http://www.cisco.com/pcgi-bin/tablebuild.pl/tftp
Because the PIX 506, PIX 515, and PIX 525 do not have a diskette drive, you need to send a binary
image to the unit using Trivial File Transfer Protocol (TFTP). The PIX 506, PIX 515, and PIX 525 have
a special mode called ROM monitor mode that lets you retrieve the binary image over the network.
You can get the most current PIX Firewall software image from the following site:
http://www.cisco.com/cgi-bin/tablebuild.pl/pix