KB ID 0000757
Problem
With modern Cisco ASA firewalls a show flash (or show disk0) command will give you a descriptive list of what is stored in NVRAM. With an older version 6 firewall the result is a little more confusing.
Solution
If you connect to the PIX and view the contents of the flash, you will see something like this;
Sent username “pix”
Type help or ‘?’ for a list of available commands.
Petes-PIX>
Petes-PIX> enable
Password: *******
Petes-PIX# show flash flash file system: version:3 magic:0x12345679 file 0: origin: 0 length:1978424
file 1: origin: 2097152 length:4994
file 2: origin: 0 length:0
file 3: origin: 2228224 length:3152452
file 4: origin: 0 length:0
file 5: origin: 8257536 length:308
Petes-PIX#
So what are all these files?
file 0 : This is the operating system file, it will have a .bin extension (e.g. 6.3(5) is pix635.bin, which is the version you can see here).
file 1: This is the firewalls config file, you can view it with a “show config” command, it is the config that gets loaded into memory and becomes the running config when the firewall boots.
Note: If you issue a “write erase” command this file will be removed, WARNING: Doing this will cause the firewall to revert to factory settings when it reloads (reboots).
file 2: This datafile stores the firewalls IPSec key and certificate information.
file 3: This is the firewalls PDM image file, it will have a .bin extension (e.g. 3.0(4) is pdm-304.bin, which is the version you can see here).
Note: There is no command to remove JUST this file, but if you TFTP in a new PDM image then pull the plug “mid-transfer”, the PIX will time out and delete it local PDM image from flash.
file 4: Crash-dump file.
file 5: File system record file.
Related Articles, References, Credits, or External Links
PIX 506E and 501 Firewall Image and PDM Upgrade