Installation Guide for the Cisco Secure PIX Firewall Version 5.2
78-11180-01
Chapter 2 Installing a PIX Firewall
Software Installation Notes
The next example takes the information from the tftp-server command. In this case, the TFTP server
is in an intranet and resides on the outside interface. The example sets the filename and location from
the tftp-server command, saves memory, and then downloads the image to Flash memory:
tftp-server outside 10.1.1.5 pix521.bin
Warning: 'outside' interface has a low security level (0).
write memory
Building configuration...
Cryptochecksum: 017c452b d54be501 8620ba48 490f7e99
[OK]
copy tftp: flash
copying tftp://10.1.1.5/pix521.bin to flash
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!…
The next examples override the information in the tftp-server command to let you specify alternate
information about the filename and location. If you have not set the tftp-server command, you can also
use the copy tftp flash command to specify all information as shown in the second example that
follows:
copy tftp:/pix521.bin flash
copy tftp://10.0.0.1/pix521.bin flash
The next examples map an IP address to the tftp-host name with the name command and use the
tftp-host name in the copy commands:
name 10.1.1.6 tftp-host
copy tftp://tftp-host/pix521.bin flash
copy tftp://tftp-host/tftpboot/pix521.bin flash
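Because TFTP is unauthenticated, it helps to know exactly which server and file a given copy line will fetch. The following is an added example, not code from Cisco or the PIX Firewall: a small Python model of the source forms shown above. The function name resolve_copy_tftp, the fallback to the tftp-server values for omitted parts, and applying the 122-character filename limit to the whole path are assumptions made for illustration.

```python
# Added illustration: models the `copy tftp` source forms shown above.
# It is not PIX Firewall code; fallback and length rules are assumptions.
import ipaddress
from urllib.parse import urlsplit

MAX_FILENAME = 122  # limit stated on the page; applying it to the whole path is an assumption


def resolve_copy_tftp(source, tftp_server=None, names=None):
    """Return (server_ip, path) that `copy <source> flash` would fetch.

    tftp_server -- (ip, filename) set by the tftp-server command, or None
    names       -- {name: ip} mappings created with the name command
    """
    names = names or {}
    parts = urlsplit(source)
    if parts.scheme != "tftp":
        raise ValueError("source must start with tftp:")
    host, path = parts.netloc, parts.path.lstrip("/")
    # Anything the source omits falls back to the tftp-server values.
    if (not host or not path) and tftp_server is None:
        raise ValueError("source is incomplete and tftp-server is not set")
    host = host or tftp_server[0]
    path = path or tftp_server[1]
    host = names.get(host, host)  # apply a name-command mapping, if any
    try:
        ipaddress.ip_address(host)
    except ValueError:
        raise ValueError(f"no name mapping for {host!r}") from None
    if len(path) > MAX_FILENAME:
        raise ValueError("filename longer than 122 characters")
    return host, path


if __name__ == "__main__":
    # Constructed inputs taken from the command lines on this page.
    configured = ("10.1.1.5", "pix521.bin")
    mapped = {"tftp-host": "10.1.1.6"}
    for src in ("tftp:", "tftp:/pix521.bin", "tftp://10.0.0.1/pix521.bin",
                "tftp://tftp-host/tftpboot/pix521.bin"):
        print(src, "->", resolve_copy_tftp(src, configured, mapped))
```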
Using the monitor Command
After the PIX 506, PIX 515, or PIX 525 restarts, it pauses 10 seconds. To start the ROM monitor, press
the Escape key or send a BREAK character. If you are using Windows HyperTerminal for your console
program, you can press the Esc (Escape) key. From a Telnet session to a terminal server that has serial
access to the PIX 506, PIX 515, and PIX 525, use Ctrl-] to get the Telnet command prompt, and then
enter the send break command. If you do not want to enter boot mode when the PIX 506, PIX 515, or
PIX 525 restarts, press the Space bar to start the normal boot immediately, or wait until the 10 seconds
pass and the unit will boot normally from Flash memory.
From ROM monitor, you can enter a number of commands that let you specify the file and location of
the configuration image, and then download it to the unit. The ROM monitor also lets you ping the TFTP
server to see if it is online and to specify the IP address of the nearest router if the image is not on a
subnet shared with a PIX 506, PIX 515, or PIX 525 interface.
Note: TFTP does not perform authentication when transferring files, so a username and
password on the TFTP server are not required.
The TFTP server should be installed, but is not required to be, on the most secure part of the network,
preferably on the inside interface.
After you download an image, use the write memory command to store the image in Flash memory.
The monitor feature only works on the PIX 506, PIX 515, and PIX 525 and not with earlier models of
the PIX Firewall.
The maximum length of a filename is 122 characters.
If the TFTP service stops receiving data requests during a file transfer, it waits four seconds and then
closes the connection.