Cisco Systems 78-11180-01 manual Examples

Chapter 2 Installing a PIX Firewall

Software Installation Notes

If the command is used without the location or pathname optional parameters, then the location and filename are obtained from the user interactively via a series of questions similar to those presented by Cisco IOS software. If you only enter a colon (:), parameters are taken from the tftp-servercommand settings. If other optional parameters are supplied, then these values would be used in place of the corresponding tftp-servercommand setting. Supplying any of the optional parameters, such as a colon and anything after it, causes the command to run without prompting for user input.

The location is either an IP address or a name that resolves to an IP address via the PIX Firewall naming resolution mechanism (currently static mappings via the name and names commands). PIX Firewall must know how to reach this location via its routing table information. This information is determined by the ip address command, the route command, or also RIP, depending upon your configuration.

The pathname can include any directory names besides the actual last component of the path to the file on the server. The pathname cannot contain spaces. If a directory name has spaces, set the directory in the TFTP server instead of in the copy tftp flash command. In UNIX, the file needs to be world readable for the TFTP server to access it.

If your TFTP server has been configured to point to a directory on the system from which you are downloading the image, you need only use the IP address of the system and the image filename. For example, if you want to download the pix521.bin file from the D: partition on a Windows system (IP address 10.1.1.5), you would access the Cisco TFTP Server View>Options menu and enter the filename path in the TFTP server root directory edit box; for example, D:\pix_images. To copy the file to the PIX Firewall, use the following copy tftp command:

copy tftp://10.1.1.5/pix521.bin flash

The TFTP server receives the command and correlates the actual file location from its root directory information. The server then downloads the TFTP image to the PIX Firewall.

Note Images prior to version 5.1 cannot be retrieved using this mechanism.

Examples

The following example causes the PIX Firewall to prompt you for the filename and location before you start the TFTP download:

copy tftp flash

Address or name of remote host [127.0.0.1]? 10.1.1.5 Source file name [cdisk]? pix521.bin

copying tftp://10.1.1.5/pix521.bin to flash [yesnoagain]?yes

!!!!!!!!!!!!!!!!!!!!!!!…

Received 1695744 bytes. Erasing current image.

Writing 1597496 bytes of image.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!…

Image installed.

Installation Guide for the Cisco Secure PIX Firewall Version 5.2