How to update the PDM on a Pix 501 firewall

I had a Pix 501 firewall with an older version of the PDM on it and decided to upgrade to the latest version.

You need to obtain the latest version from the Cisco website using your CCO login, provided you are licensed to do so.

Once you have downloaded the latest version, save the file to a PC on the network.

Connect to the Pix with a console cable and your favourite terminal emulator program (I use Tera Term).

Load up your favourite TFTP server (I use the free SolarWinds TFTP server).

It is best to disable the firewall on the PC running the TFTP server or make sure you have an exception or rule configured to allow access to the TFTP server.

Place the .bin file for the PDM in the root of the TFTP server and start the server.

Go to your Terminal program and enter Enable mode.

Type the following command at the prompt:

copy tftp://Your_TFTP_Server_IP_Address/Your_pdmfile_name flash:pdm

This uploads the latest PDM to your Pix. It is ready to go as soon as the copy has finished and you are returned to a prompt.

Log in to the PDM and check that the version number matches.

It is always best to do a reload after you update the PDM to make sure that it is loading OK.

You can also do a sh ver at the prompt to check that it is at the version that you have just updated to.

How to fix "Cannot select private key" error on a Pix firewall

If you get this issue when you load the Pix, you may not have a private key.

Type show ca mypubkey rsa in enable mode and see if you have a key.

I had this problem occur after enabling 3des on a Pix 501.

To generate a new key, go into Global Configuration mode (conf t) and type the following:

ca gen rsa key 1024
ca save all

This will create a new key if you don’t have one, or clear out the old one if you already do.

If you don’t already have a domain name, it is best to create one using the domain-name command.