All Cisco-Network Study Notes: Installing a New Operating System

Installing a New Operating System
Installing a new operating system (OS) on a Cisco Security Appliance is similar in some
respects to installing a new OS on your PC. You must consider fundamental questions such
as whether you have enough memory and disk space (Flash size for Security Appliance) when
deciding whether to upgrade the operating system. Table 4-4 shows the random-access
memory (RAM) and Flash memory requirements for the different versions and releases of the
Cisco Security Appliance OS prior to version 7.0.
Table 4-5 shows the RAM and Flash memory requirements for Cisco Security Appliance OS
version 7.0.
Table 4-4 Security Appliance Software RAM/Flash Minimum Memory Requirements for Software
Versions pre-7.0
Security Appliance Software Version Memory
PIX Software Version 5.2(x) 16 MB Flash, 32 MB RAM
PIX Software Version 5.3(x) 16 MB Flash, 32 MB RAM
PIX Software Version 6.0(x) 16 MB Flash, 32 MB RAM
PIX Software Version 6.1(x) 16 MB Flash, 32 MB RAM
PIX Software Version 6.2(x) 16 MB Flash, 32 MB RAM
*PIX Software Version 6.3(x)
* Except the Cisco PIX 501, 506, and 506E Security Appliance models, which require 8 MB of Flash,
and Cisco PIX 501 Security Appliance, which requires 16 MB of RAM
16 MB Flash, 32 MB RAM
Table 4-5 Security Appliance Software RAM/Flash Minimum Memory Requirements for Software
Version 7.0
Security Appliance Memory
PIX 515/515E (Restricted License) 16 MB Flash, 64 MB RAM
PIX 515/515E (Unrestricted License) 16 MB Flash, 128 MB RAM
continues
86 Chapter 4: System Management/Maintenance
In addition to the memory and Flash requirements, you should consider the model of Cisco
Security Appliance before installing an OS. If you are required to upgrade a PIX Firewall to

software version 7.0, the firewall must currently be running software version 6.2 or 6.3. If
your firewall is running an older software version, please upgrade to version 6.2 or 6.3 before
upgrading to 7.0. Cisco ASA Security Appliance comes with a minimum of software version 7.0
installed.
To determine the RAM memory and Flash memory you have running on your Cisco Security
Appliance, use the show version command. The output from this command also tells you
which Security Appliance OS you are currently running, as shown in Example 4-1.
Security Appliance Memory
PIX 525 (Restricted License) 16 MB Flash, 128 MB RAM
PIX 525 (Unrestricted License) 16 MB Flash, 256 MB RAM
PIX 535 (Restricted License) 16 MB Flash, 512 MB RAM
PIX 535 (Unrestricted License) 16 MB Flash, 1024 MB RAM
ASA 5510 64 MB Flash, 256 MB RAM
ASA 5520 64 MB Flash, 512 MB RAM
ASA 5540 64 MB Flash, 1024 MB RAM
Example 4-1 Sample Output from the show version Command
pixfw(config)# show version
Cisco PIX Security Appliance Software Version 7.0(1)
Compiled on Thu 31-Mar-05 14:37 by builders
System image file is "flash:/pix-701.bin"
Config file at boot was "startup-config"
pixfw up 40328 mins 12 secs
Hardware: PIX-515, 128 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: Ext: Ethernet0 : media index 0: irq 10
1: Ext: Ethernet1 : media index 1: irq 7
2: Ext: Ethernet2 : media index 2: irq 11
Licensed features for this platform:
Maximum Physical Interfaces : 3

Maximum VLANs : 25
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 5
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has an Unrestricted (UR) license.
Serial Number: 480360257
Running Activation Key: 0x4431d243 0x54258b0f 0x90913408
0xb6bcd404 0x8f37eaac
Configuration has not been modified since last system restart.
In the preceding example, notice the following important bolded
parameters:
Nothing appears in bold. Fix?
Hardware: PIX-515, 128 MB RAM
Flash: 16MB
Licensed Features:
Failover: Active/Active
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Security Contexts 5
This PIX 515 Security Appliance has an Unrestricted (UR) license.
Serial Number: 48036025

As you can see, the OS version is 7.0(1), and the Flash memory size is 16 MB.
In Example 4-1, the line that starts with Running Activation Key displays the activation key
for the PIX Firewall. The activation key is the license key for the PIX Firewall OS. It is
important to save your configuration and write down your activation key before upgrading
to a newer version of the PIX Firewall OS.
Maximum VLANs : 25
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 5
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has an Unrestricted (UR) license.
Serial Number: 480360257
Running Activation Key: 0x4431d243 0x54258b0f 0x90913408
0xb6bcd404 0x8f37eaac
Configuration has not been modified since last system restart.
In the preceding example, notice the following important bolded
parameters:
Nothing appears in bold. Fix?
Hardware: PIX-515, 128 MB RAM
Flash: 16MB
Licensed Features:
Failover: Active/Active
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Security Contexts 5
This PIX 515 Security Appliance has an Unrestricted (UR) license.
Serial Number: 480360257
NOTE Starting with PIX Firewall Software and ASA Security Appliance software version
7.0, multiple OS images of different versions can be stored on the Flash. Cisco PIX 501,
506, and 506E do not support version 7.0 nor this option.
PIX Firewalls that support software version 7.0 may not contain enough room on the Flash
for additional OS images. The combination of the OS image for version 7.0 and the ASDM
image are a little under 16 MBs in size. PIX Firewalls are deployed with 16 MB of Flash,
leaving very little room for additional files or images.