Category: Cisco

Today I used the monitor mode version of the installation procedure to upgrade a Cisco PIX 515E that was 2 months from being out of a SMARTNet contract. Just in time. This is done by rebooting the firewall with the reload command or flipping the switch (whichever you prefer), and pressing ESC during the boot cycle when the prompt tells you to, then getting started with the string of commands that are required.

First lets set the interface.

interface inside

Then lets set the IP address

address 10.0.0.1

Next lets tell it where the TFTP Server is.

server 10.0.0.10

Now lets tell it the file name.

file pix707.bin

Finally, lets tell the firewall to upload the file.

tftp

The firewall will start to download, then install the code and it’ll reboot. When it comes up, the boot image is not saved to flash so we need to issue the following command.

copy tftp://10.0.0.10/pix707.bin flash:

Accept the following prompts and it’ll finally upload the image to flash. Issue a “write memory” and you are done. Now it’s time to upload the new ASDM image. You can do that with TFTP as well using the following commands.

copy tftp://10.0.0.10/asdm-506.bin flash:

Accept the prompts and it’ll upload the file to flash. Now we need to tell the configuration where that file is located with the following.

asdm location flash:/asdm-506.bin

Reboot and you should be able to access the firewall from the GUI interface using the 7.07 code and ASDM to match.

One of the guys I work with learned a cool trick and decided to pass it on to me. From a Cisco ASA / PIX firewall you can create a pcap file from the command line for use in Wireshark or just to debug from the console.

First we need to create an access list.

access-list testpcap permit tcp any any

Next we start the capture.

capture testpcapname access-list testpcap interface outside

Now that the capture is started you can view your capture with

show capture testpcapname

or you can download the current pcap file from the SDM with

http://ipoffirewall/testpcapname/pcap

To stop the capture issue

no capture testpcapname

and don’t forget to delete your access list unless you want to use it later. This example was very basic but you could get pretty granular with the access list rules to only pickup the data that you absolutely need to troubleshoot an issue or just for fun.

Well, this is my first tech post so I’ll make it an easy one. I’ll put a few of the commands that I regularly utilize on Cisco routers and Switches to make my life easier.

| (Pipe) command output modifier –

Alrighty, this truly is a basic command. You issue a normal command at the privilege exec level and add the | (pipe) afterwards followed by an i (include) e (exclude) or b (begin). Begin is not available in all IOS versions.

Command Example:

show run | i ip route

would show something like this:

ip route 10.0.0.0 255.255.255.0 11.24.1.1 name default
ip route 10.1.255.0 255.255.255.0 11.24.1.2 name backup_net

If you were to replace the i with a b the output would begin at “ip route” and continue on with the rest of the config. This would be useful for those really long configs where you might be working on the dial-peers and don’t care to scroll through 500 lines of the config to get there. The e option would exclude anything that you have following it. This might come into handy when you want to skip ip address or access-lists. Hope this helps, I was lucky enough to learn these tricks early on and didn’t have to struggle for too aweful long. Good luck.