Question

Locked

Cisco Router 2651XM - problem upgrading

By philomic ·
Hello,

I've been trying to upgrade our Cisco Router 2651XM with a newer IOS version but failed all the time. I've already downloaded the new version I need.

I have also installed the Cisco Network Assistant to upgrade the device but didn't work...it keeps showing upgrade failed.

I've used tftp server but didn't work either(tried 2 tftp server software recommended by several folks). I used the tftp server to upgrade my firewall and worked but won't work with the router.

I've also consoled in to the router and used ROMmon to upgrade directly but didn't either. I'm not sure what I'm doing wrong. Any information regarding this matter is appreciated. Thanks in advance!

-Philip

This conversation is currently closed to new comments.

17 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Answers

Collapse -

error message

by Fregeus In reply to Cisco Router 2651XM - pro ...

Are you getting any error messages? Can you give us more information on how the process is going?

Have you checked if you have enough Flash space for your IOS file?


TCB

Collapse -

More info

by philomic In reply to error message

I have enough space. 50 MB total, 32 MB available.

I am uploading a new version with 18 MB size

The message I get using CNA is "Failed to verify FTP connection to device"

-I use 3CDaemon (TFTP Server)
-I can ping the router but the router can't ping my computer (I just found that out a minute before writing this reply-this might be the source of the problem)

Error when I use TFTP server:
%Error copying tftp://10.10.10.2/c2600-entbasek9.t3(Timed out)

Collapse -

Sounds like a firewall in the way

by Dumphrey In reply to More info

and probably on the workstation end. Check and see if thats the case.

Collapse -

Probably a firewall

by philomic In reply to Sounds like a firewall in ...

I did some testing with other workstations.

The router can ping these workstations but everytime I try to use the CNA I get this message "Failed to verify FTP connection to device"
I've added an access-list to the firewall but didn't seem to fix the problem.

I also tried TFTP server again but still getting this message "%Error opeing tftp://10.10.10.1/c2600-entbasek9-mz.124-15.T3.bin (Timed out)"

Collapse -

Check the machine the

by Dumphrey In reply to Probably a firewall

tftp server is running on. Most will block tftp by default. It could be the firewall is there not on the router thats the problem.

Collapse -

General Firewal Config

by philomic In reply to Check the machine the

I've looked at the workstations but don't see any problem. Here's a general config of our firewall:

ASA Version 7.2(3)
!
hostname PIX-FW
domain-name *******
enable password ********
names
dns-guard
!
interface Ethernet0/0
speed 100
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.0
!
interface Ethernet0/1
speed 100
nameif inside
security-level 100
ip address x.x.x.x 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
nameif management
security-level 100
no ip address
management-only
!
passwd PHbM4QY5V7cq636K encrypted
boot system disk0:/asa723-k8.bin
ftp mode passive
clock timezone ******
dns server-group DefaultDNS
domain-name ********
object-group network BOGONS
network-object 0.0.0.0 255.0.0.0
network-object 1.0.0.0 255.0.0.0
network-object 2.0.0.0 255.0.0.0
network-object x.x.0.0 255.255.0.0
network-object x.x.0.0 255.255.0.0
network-object 127.0.0.0 255.0.0.0
network-object x.0.0.0 255.0.0.0
network-object x.0.0.0 255.0.0.0
object-group icmp-type SAFE-ICMP
icmp-object echo-reply
icmp-object parameter-problem
icmp-object time-exceeded
icmp-object unreachable
object-group service OUTBOUND tcp
port-object range 6665 6669
port-object eq 7000
port-object eq 7514
access-list acl-outside extended permit icmp any any
access-list acl-outside extended permit ip x.x.x.0 255.255.255.0 host x.x.x.x
access-list acl-outside extended permit ip x.x.x.0 255.255.255.0 any
access-list acl-outside extended permit ip x.x.x.0 255.255.255.0 any
access-list acl-outside extended permit ip x.x.x.0 255.255.255.0 any
access-list acl-outside extended deny ip object-group BOGONS any
access-list acl-outside extended permit icmp any any object-group SAFE-ICMP
access-list acl-outside extended permit tcp any host x.x.x.x eq https
access-list acl-outside extended permit tcp any host x.x.x.x eq www
access-list acl-outside extended permit ip x.x.x.x 255.255.255.0 any
access-list acl-outside extended permit tcp any host x.x.x.x eq smtp
access-list acl-outside extended permit ip host x.x.x.x host x.x.x.x
access-list acl-outside extended deny ip any any
access-list acl-outbound extended permit ip any any
access-list acl-outbound extended deny ip any any
access-list split standard permit x.x.x.x 255.255.255.0
access-list 150 extended permit ip any any
pager lines 24
logging enable
logging buffer-size 250000
logging buffered debugging
logging trap informational
logging asdm informational
no logging message 106015
no logging message 604103
no logging message 305012
no logging message 305011
no logging message 305010
no logging message 305009
no logging message 710005
no logging message 302010
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 304001
no logging message 609002
no logging message 609001
no logging message 302016
no logging message 302021
no logging message 302020
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool vpnpool 10.101.0.1-10.101.0.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply outside
icmp permit any unreachable outside
icmp permit any echo outside
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
access-group acl-outside in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.2.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server NTAuth protocol nt
aaa-server NTAuth host x.x.x.x
nt-auth-domain-controller *******
http x.x.x.x 255.255.255.0 management
snmp-server location *********
no snmp-server contact
snmp-server community *************
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto dynamic-map dynmap 1000 set transform-set myset
crypto map mymap 1000 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp nat-traversal 20
telnet x.x.0.0 255.255.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh x.x.x.x 255.255.255.255 inside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 30
ssh version 2
console timeout 15
dhcpd dns x.x.x.x x.x.x.x
dhcpd lease 86400
dhcpd ping_timeout 750
dhcpd domain ********
!
dhcpd address x.x.x.x-x.x.x.x inside
!
!
class-map all-traffic
match any
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect http
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
class all-traffic
set connection random-sequence-number disable
!
service-policy global_policy global
group-policy clientgroup internal
group-policy clientgroup attributes
wins-server value x.x.x.x
dns-server value x.x.x.x
vpn-idle-timeout 20
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split
default-domain value *******
username ******** password *********** encrypted privilege 15
tunnel-group ******** type ipsec-ra
tunnel-group ********* general-attributes
address-pool vpnpool
authentication-server-group NTAuth
default-group-policy clientgroup
tunnel-group ********* ipsec-attributes
pre-shared-key *
prompt hostname context
Cryptochecksum:9cd61fa9071710cacf5bd5e93332836d
: end

Collapse -

haven't read all the posts but

by CG IT In reply to General Firewal Config

your trying to download a new IOS version into your router via TFTP does your router specify a TFTP server and it's address? older Cisco routers have a TFTP server config you can enter.

I don't think a firewall on the router will interfer with upload and download of IOS images via Telnet/TFTP or via the console port. The firewall works on the WAN port.

Could be the local computer firewall or that you haven't specified a TFTP server address.

Collapse -

Cisco has their own TFTP Server software

by CG IT In reply to Cisco Router 2651XM - pro ...

Again didn't read all the posts

but you tried xmodem ?

I think it has to do with the router not being able to comm with your TFTP server on your comp.

The console computer (PC) must have the following files to use this procedure:

?Terminal emulation application program supporting one of the following file transfer protocols:

?Xmodem

?Xmodem-CRC

?Xmodem-1K

?Ymodem

?Cisco IOS image file

you got all these?

Collapse -

Xmodem

by philomic In reply to Cisco has their own TFTP ...

I'm trying xmodem but didn't seem to be working.

I have the Cisco IOS image file. I used Microsoft's hyperterminal. Not sure what I'm doing wrong. Do you have a procedure to perform this task by any chance. Thanks for your help!

Collapse -

well the procedure is really Cisco's procedure

by CG IT In reply to Xmodem

Here's a link: http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/800/800swcfg/upg_ios.htm

I've run into this problem myself using my laptop and serial port, xmodem and hyperterminal.

I've used the ethernet way and it works... not sure why yours won't. This is Windows and not Solaris? correct?

Solaris has a bug on files bigger than 16MB.

Back to Networks Forum
17 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums