Easy IT Learning to be IT Professional: Upgrade IOS Pix Firewall

Hari ini lagi pengen nulis artikel IT, setelah satu bulan sebelumnya yang ada pikiranku tentang isu-isu keagamaan.
Minggu depan ditugaskan ngajar di Bandung dan temanya tentang Firewall memakai ASA dan PIX.
ASA adalah versi terbaru Cisco untuk perangkat firewall setelah sebelumnya mengeluarkan PIX.
Command Line PIX yang versi lama agak banyak berbeda dengan Command Line di ASA.

Berikut tabel seri PIX dan cara upgrade-nya

	Current PIX Software Version
PIX Model	4.4(x) and earlier, 5.0(x)	5.1(x)	5.2(x)	5.3(x)	6.0(x)	6.1(x), 6.2(x), 6.3(x)
PIX Classic	boothelper	copy tftp flash	copy tftp flash	copy tftp flash	discontinued	discontinued
PIX 10000	boothelper	copy tftp flash	copy tftp flash	copy tftp flash	discontinued	discontinued
PIX 501	Not applicable	Not applicable	Not applicable	Not applicable	Not applicable	copy tftp flash
PIX 506	Not applicable	copy tftp flash	copy tftp flash	copy tftp flash	copy tftp flash	copy tftp flash
PIX 510	boothelper	copy tftp flash	copy tftp flash	copy tftp flash	Discontinued	Discontinued
PIX 515	monitor	copy tftp flash	copy tftp flash	copy tftp flash	copy tftp flash	copy tftp flash
PIX 520	boothelper	copy tftp flash	copy tftp flash	copy tftp flash	copy tftp flash	copy tftp flash
PIX 525	Not applicable	Not applicable	copy tftp flash	copy tftp flash	copy tftp flash	copy tftp flash
PIX 535	Not applicable	Not applicable	Not applicable	copy tftp flash	copy tftp flash	copy tftp flash

1. Upgrade yang paling simple dengan perintah copy tftp flash

- Install TFTP Server di PC
- Hubungkan TFTP Server dan PIX dengan kabel Cross
- Pastikan TFTP Server dan PIX bisa berkomunikasi, test ping
- Ketik aja perintah berikut di PIX

pixfirewall#copy tftp flash 
Address or name of remote host [127.0.0.1]? 172.18.125.3 
Source file name [cdisk]?pix803.bin 
copying tftp://172.18.125.3/pix611.bin to flash
[yes|no|again]?yes 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
Received 2562048 bytes. 
Erasing current image. 
Writing 2469944 bytes of image. 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
Image installed. 
pixfirewall#

2. Upgrade lewat Monitor mode

Berdasarkan tabel di atas, ada beberapa seri PIX dan versi OS yang tidak support perintah copy image langsung ke Flash lewat TFTP. Nah, cara yang lainnya adalah lewat monitor mode

Copy PIX image (pixnnn.bin) ke root directory dari TFTP Server.
- Hubungkan console ke PC dan jalankan Hyperterminal atau Putty
- Hubungkan TFTP Server dan PIX dengan kabel Cross
- Hidupkan PIX
- Tekan tombol ESC atau Ctrl + BREAK, sehingga muncul prompt
monitor>
Berikut contoh langkah-langkah upgrade-nya

monitor>interface 1 
0: i8255X @ PCI(bus:0 dev:14 irq:10) 
1: i8255X @ PCI(bus:0 dev:13 irq:11) 

Using 1: i82557 @ PCI(bus:0 dev:13 irq:11), MAC: 0002.b945.a23c 
monitor>address 172.18.124.154 
address 172.18.124.154 
monitor>server 172.18.125.3 
server 172.18.125.3 
monitor>file pix803.bin 
file pix611.bin 
monitor>ping 172.18.125.3 
Sending 5, 100-byte 0xcde2 ICMP Echoes to 172.18.125.3, timeout is 4 seconds: 
!!!!! 
Success rate is 100 percent (5/5) 
monitor>tftp 
tftp pix611.bin@172.18.125.3.......................................... 
Received 2562048 bytes 

Cisco Secure PIX Firewall admin loader (3.0) #0: Tue Dec  517:35:46 PST 2000 
System Flash=E28F128J3 @ 0xfff00000 
BIOS Flash=am29f400b @ 0xd8000 
Flash version 6.1.1, Install version 6.1.1 
Do you wish to copy the install image into flash? [n] y 

Installing to flash 

Serial Number: 480380761 (0x1ca20759) 
Activation Key: 760754d0 39f62229 a4a0245f b5b87e80 

Do you want to enter a new activation key? [n] n 
Writing 2469944 bytes image into flash...

Yah, itu dulu artikelnya... nanti disambung lagi

Easy IT Learning to be IT Professional

Rabu, 14 September 2011

Upgrade IOS Pix Firewall

Tidak ada komentar: