Cisco PIX – “What are the files in flash”

KB ID 0000757

Problem

With modern Cisco ASA firewalls, a show flash (or show disk0) command will give you a descriptive list of what is stored in NVRAM. With an older version 6 firewall, the result is a little more confusing.

Solution

If you connect to the PIX and view the contents of the flash, you will see something like this:

[box]

Sent username “pix”

Type help or ‘?’ for a list of available commands.

Petes-PIX>

Petes-PIX> enable

Password: *******

Petes-PIX# show flash
flash file system: version:3 magic:0x12345679
file 0: origin: 0 length:1978424

file 1: origin: 2097152 length:4994

file 2: origin: 0 length:0

file 3: origin: 2228224 length:3152452

file 4: origin: 0 length:0

file 5: origin: 8257536 length:308

Petes-PIX#

[/box]

So what are all these files?

file 0: This is the operating system file; it will have a .bin extension (e.g. 6.3(5) is pix635.bin, which is the version you can see here).

file 1: This is the firewall's config file. You can view it with a “show config” command; it is the config that gets loaded into memory and becomes the running config when the firewall boots.

Note: If you issue a “write erase” command, this file will be removed. WARNING: Doing this will cause the firewall to revert to factory settings when it reloads (reboots).

file 2: This data file stores the firewall's IPSec key and certificate information.

file 3: This is the firewall's PDM image file; it will have a .bin extension (e.g. 3.0(4) is pdm-304.bin, which is the version you can see here).

Note: There is no command to remove JUST this file, but if you TFTP in a new PDM image and then pull the plug “mid-transfer”, the PIX will time out and delete its local PDM image from flash.

file 4: Crash-dump file.

file 5: File system record file.
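When you are auditing several old PIX units, the slot meanings above can be applied to captured "show flash" output automatically. The following is an added example, not part of the original article or any Cisco tool: it labels each slot with the role described here, reports which slots are populated, and checks that populated regions do not overlap. It assumes that "origin" is a byte offset into flash and that a length of 0 means the slot is empty; the function names are hypothetical.

```python
import re

# Slot meanings as described in this article for PIX version 6 flash.
SLOT_ROLES = {
    0: "operating system image",
    1: "startup configuration",
    2: "IPSec key and certificate data",
    3: "PDM image",
    4: "crash-dump file",
    5: "file system record",
}

FILE_RE = re.compile(r"file\s+(\d+):\s*origin:\s*(\d+)\s+length:\s*(\d+)")

# Sample input: the listing shown in the article, blank lines removed.
SAMPLE = """\
flash file system: version:3 magic:0x12345679
file 0: origin: 0 length:1978424
file 1: origin: 2097152 length:4994
file 2: origin: 0 length:0
file 3: origin: 2228224 length:3152452
file 4: origin: 0 length:0
file 5: origin: 8257536 length:308
"""

def parse_show_flash(text):
    """Return one dict per 'file N:' line, labelled with its role."""
    entries = []
    for m in FILE_RE.finditer(text):
        slot, origin, length = (int(g) for g in m.groups())
        entries.append({"slot": slot, "role": SLOT_ROLES.get(slot, "unknown"),
                        "origin": origin, "length": length,
                        "present": length > 0})  # assumption: 0 means empty
    return entries

def overlaps(entries):
    """Return pairs of populated slots whose byte ranges overlap."""
    used = sorted((e for e in entries if e["present"]), key=lambda e: e["origin"])
    return [(a["slot"], b["slot"]) for a, b in zip(used, used[1:])
            if a["origin"] + a["length"] > b["origin"]]

if __name__ == "__main__":
    parsed = parse_show_flash(SAMPLE)
    for e in parsed:
        state = f"{e['length']} bytes at offset {e['origin']}" if e["present"] else "empty"
        print(f"file {e['slot']}: {e['role']:<32} {state}")
    print("overlapping slots:", overlaps(parsed))
```

In the article's listing, slots 2 and 4 are reported as empty, meaning no IPSec key or certificate data and no crash dump are stored on that unit.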

Related Articles, References, Credits, or External Links

PIX 506E and 501 Firewall Image and PDM Upgrade