Cisco PIX – “What are the files in flash”

KB ID 0000757 Dtd 01/02/13


With modern Cisco ASA firewalls a show flash (or show disk0) command will give you a descriptive list of what is stored in NVRAM. With an older version 6 firewall the result is a little more confusing.


If you connect to the PIX and view the contents of the flash, you will see something like this;
Sent username “pix” Type help or ‘?’ for a list of available commands. Petes-PIX> Petes-PIX> enable Password: ******* Petes-PIX# show flash flash file system: version:3 magic:0x12345679 file 0: origin: 0 length:1978424 file 1: origin: 2097152 length:4994 file 2: origin: 0 length:0 file 3: origin: 2228224 length:3152452 file 4: origin: 0 length:0 file 5: origin: 8257536 length:308 Petes-PIX#
So what are all these files? file 0 : This is the operating system file, it will have a .bin extension (e.g. 6.3(5) is pix635.bin, which is the version you can see here). file 1: This is the firewalls config file, you can view it with a “show config” command, it is the config that gets loaded into memory and becomes the running config when the firewall boots. Note: If you issue a “write erase” command this file will be removed, WARNING: Doing this will cause the firewall to revert to factory settings when it reloads (reboots). file 2: This datafile stores the firewalls IPSec key and certificate information. file 3: This is the firewalls PDM image file, it will have a .bin extension (e.g. 3.0(4) is pdm-304.bin, which is the version you can see here). Note: There is no command to remove JUST this file, but if you TFTP in a new PDM image then pull the plug “mid-transfer”, the PIX will time out and delete it local PDM image from flash. file 4: Crash-dump file. file 5: File system record file.

Related Articles, References, Credits, or External Links

PIX 506E and 501 Firewall Image and PDM Upgrade

Author: Migrated

Share This Post On