cc/td/doc/product/lan/cat6000/mod_icn/webvpn/1_1
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table Of Contents

Upgrading the Images

Upgrading the Application Software

Upgrading the Maintenance Software

Installing the SVC Package for Tunnel Mode


Upgrading the Images

The compact Flash on the WebVPN Services Module has two bootable partitions: application partition (AP) and maintenance partition (MP). By default, the application partition boots every time. The application partition contains the binaries necessary to run the WebVPN image. The maintenance partition is booted if you need to upgrade the application partition.

You can upgrade both the application software and the maintenance software. However, you are not required to upgrade both images at the same time. Refer to the release notes for the WebVPN Services Module for the latest application partition and maintenance partition software versions.

The entire application and maintenance partitions are stored on the FTP or TFTP server. The images are downloaded and extracted to the application partition or maintenance partition depending on which image is being upgraded.

To upgrade the application partition, change the boot sequence to boot the module from the maintenance partition. To upgrade the maintenance partition, change the boot sequence to boot the module from the application partition. Set the boot sequence for the module using the supervisor engine CLI commands. The maintenance partition downloads and installs the application image. The supervisor engine must be executing the run-time image to provide network access to the maintenance partition.

Before starting the upgrade process, you will need to download the application partition image or maintenance partition image to the TFTP server.

A TFTP or FTP server is required to copy the images. The TFTP server should be connected to the switch, and the port connecting to the TFTP server should be included in any VLAN on the switch.

These sections describe how to upgrade the images:

Upgrading the Application Software

Upgrading the Maintenance Software

Installing the SVC Package for Tunnel Mode

Upgrading the Application Software

Note Do not reset the module until the image is upgraded. The total time to upgrade the image takes up to eight minutes.

To upgrade the application partition software, perform this task:

 
Command
Purpose

Step 1 

Router# hw-module module mod reset cf:1

Reboots the module from the maintenance partition.

Note It is normal to see messages such as "Press Key" on the module console after entering this command.

Step 2 

Router# show module

Displays that the maintenance partition for the module has booted.

Step 3 

Router# copy tftp: pclc#mod-fs:

Downloads the image.

Step 4 

Router# hw-module module mod reset cf:4

Resets and boots the module to the application partition.

Note Do not reset the module until the "You can now reset the module" message is displayed on the console. Resetting the module before this message is displayed will cause the upgrade to fail.

Step 5 

Router# show module

Displays that the application partition for the module has booted.

This example shows how to upgrade the application partition software:

Router# hw-module module 2 reset cf:1
Device BOOT variable for reset = <cf:1>
Warning: Device list is not verified.

Proceed with reload of module?[confirm]y
% reset issued for module 2
supervisor#
16:17:54: SP: The PC in slot 2 is shutting down. Please wait ...
16:18:15: SP: PC shutdown completed for module 2
*May 10 16:50:28.771: %C6KPWR-SP-4-DISABLED: power to module in slot 2 set off (Reset)
16:20:54: SP: OS_BOOT_STATUS(2) MP OS Boot Status: finished booting
*May 10 16:53:34.599: %DIAG-SP-6-RUN_MINIMUM: Module 2: Running Minimum Diagnostics...
*May 10 16:53:40.363: %DIAG-SP-6-DIAG_OK: Module 2: Passed Online Diagnostics
*May 10 16:53:40.759: %OIR-SP-6-INSCARD: Card inserted in slot 2, interfaces are now online

Router# show module
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 2 Catalyst 6000 supervisor 2 (Active) WS-X6K-S2U-MSFC2 SAD055006RZ
  2 2 SSL VPN Accelerator (MP) WS-SVC-WEBVPN-K9

...<output truncated>...

Router# copy tftp: pclc#2-fs:

copy tftp pclc#2-fs:
Address or name of remote host []? 10.10.10.1
Source filename []? c6svc-webvpn-k9y9.1-1-1.bin
Destination filename [c6svc-webvpn-k9y9.1-1-1.bin]?
Accessing tftp://10.10.10.1/c6svc-webvpn-k9y9.1-1-1.bin...
Loading narenr/c6svc-webvpn-k9y9.1-1-1.bin from 10.10.10.1 (via Vlan6):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

...<output truncated>...

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 24944624 bytes]

24944624 bytes copied in 203.164 secs (122781 bytes/sec)
supervisor#
*May 10 17:01:40.323: %SVCLC-SP-5-STRRECVD: mod 2: <Application upgrade has started>
*May 10 17:01:40.323: %SVCLC-SP-5-STRRECVD: mod 2: <Do not reset the module till upgrade completes!!>
*May 10 17:07:01.423: %SVCLC-SP-5-STRRECVD: mod 2: <Application upgrade has succeeded>
*May 10 17:07:01.423: %SVCLC-SP-5-STRRECVD: mod 2: <You can now reset the module>

Router# hw-module module 2 reset cf:4
Device BOOT variable for reset = <cf:4>
Warning: Device list is not verified.

Proceed with reload of module?[confirm]y
% reset issued for module 2
16:38:34: SP: The PC in slot 2 is shutting down. Please wait ...
16:38:57: SP: PC shutdown completed for module 2
*May 10 17:11:10.065: %C6KPWR-SP-4-DISABLED: power to module in slot 2 set off (Reset)
16:39:50: SP: OS_BOOT_STATUS(2) AP OS Boot Status: finished booting
*May 10 17:13:18.119: %DIAG-SP-6-RUN_MINIMUM: Module 2: Running Minimum Diagnostics...
*May 10 17:13:18.863: %DIAG-SP-6-DIAG_OK: Module 2: Passed Online Diagnostics
*May 10 17:13:19.195: %OIR-SP-6-INSCARD: Card inserted in slot 2, interfaces are now online

Router# show module

Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 2 Catalyst 6000 supervisor 2 (Active) WS-X6K-S2U-MSFC2 SAD055006RZ
  2 2 SSL VPN Accelerator                    WS-SVC-WEBVPN-K9

...<output truncated>...

Upgrading the Maintenance Software

Note Do not reset the module until the image is upgraded. The total time to upgrade the image takes up to 8 minutes.

To upgrade the maintenance partition software, perform this task:

 
Command
Purpose

Step 1 

Router# hw-module module mod reset cf:4

Reboots the module from the application partition.

Step 2 

Router# show module

Displays that the application partition for the module has booted.

Step 3 

Router# copy tftp: pclc#mod-fs:

Downloads the image.

Step 4 

Router# hw-module module mod reset cf:1

Resets the module in the maintenance partition.

Note Do not reset the module until the "Upgrade of MP was successful. You can now boot MP" message is displayed on the console. Resetting the module before this message is displayed will cause the upgrade to fail.

Step 5 

Router# show module

Displays that the maintenance partition for the module has booted.

This example shows how to upgrade the maintenance partition software:

Router# hw module 2 reset cf:4
Device BOOT variable for reset = <cf:4>
Warning: Device list is not verified.

Proceed with reload of module?[confirm]y
% reset issued for module 2
16:43:51: SP: The PC in slot 2 is shutting down. Please wait ...
16:44:12: SP: PC shutdown completed for module 2
*May 10 17:16:25.271: %C6KPWR-SP-4-DISABLED: power to module in slot 2 set off (Reset)
16:45:05: SP: OS_BOOT_STATUS(2) AP OS Boot Status: finished booting
*May 10 17:18:33.363: %DIAG-SP-6-RUN_MINIMUM: Module 2: Running Minimum Diagnostics...
*May 10 17:18:34.103: %DIAG-SP-6-DIAG_OK: Module 2: Passed Online Diagnostics
*May 10 17:18:34.439: %OIR-SP-6-INSCARD: Card inserted in slot 2, interfaces are now online

Router# show module

Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 2 Catalyst 6000 supervisor 2 (Active) WS-X6K-S2U-MSFC2 SAD055006RZ
  2 2 SSL VPN Accelerator                    WS-SVC-WEBVPN-K9

...<output truncated>...

Router# copy tftp: pclc#2-fs:
Address or name of remote host []? 10.10.10.1
Source filename []? mp.3-3-1.bin.gz
Destination filename [mp.3-3-1.bin.gz]?
Accessing tftp://10.10.10.1/mp.3-3-1.bin.gz...
Loading mp.3-3-1.bin.gz from 10.10.10.1 (via Vlan6):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

...<output truncated>...

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 12342623 bytes]

12342623 bytes copied in 99.908 secs (123540 bytes/sec)
*May 10 17:21:05.423: %SVCLC-SP-5-STRRECVD: mod 2: <MP upgrade/Password Recovery started.>
*May 10 17:21:05.991: %SVCLC-SP-5-STRRECVD: mod 2: <Uncompress of the file succeeded. Continuing upgrade/recovery.>
*May 10 17:21:06.015: %SVCLC-SP-5-STRRECVD: mod 2: <This file appears to be a MP upgrade. Continuing upgrade.>
*May 10 17:21:06.039: %SVCLC-SP-5-STRRECVD: mod 2: <Install of the MBR succeeded . Continuing upgrade.>
*May 10 17:21:06.115: %SVCLC-SP-5-STRRECVD: mod 2: <Install of GRUB succeeded. Continuing upgrade.>
*May 10 17:22:02.295: %SVCLC-SP-5-STRRECVD: mod 2: <Copying of MP succeeded. Continuing upgrade.>
*May 10 17:22:02.311: %SVCLC-SP-5-STRRECVD: mod 2: <fsck of MP partition succeeded.>
*May 10 17:22:02.343: %SVCLC-SP-5-STRRECVD: mod 2: <Upgrade of MP was successful. You can now boot MP.>
Router#
Router# hw mod 2 reset cf:1
Device BOOT variable for reset = <cf:1>
Warning: Device list is not verified.

Proceed with reload of module?[confirm]y
% reset issued for module 2
17:02:03: SP: The PC in slot 2 is shutting down. Please wait ...
17:02:23: SP: PC shutdown completed for module 2
*May 10 17:34:36.399: %C6KPWR-SP-4-DISABLED: power to module in slot 2 set off (Reset)
17:05:02: SP: OS_BOOT_STATUS(2) MP OS Boot Status: finished booting
*May 10 17:37:42.223: %DIAG-SP-6-RUN_MINIMUM: Module 2: Running Minimum Diagnostics...
*May 10 17:37:48.007: %DIAG-SP-6-DIAG_OK: Module 2: Passed Online Diagnostics
*May 10 17:37:48.303: %OIR-SP-6-INSCARD: Card inserted in slot 2, interfaces are now online
Router#
Router# show module
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 2 Catalyst 6000 supervisor 2 (Active) WS-X6K-S2U-MSFC2 SAD055006RZ
  2 2 SSL VPN Accelerator (MP) WS-SVC-WEBVPN-K9

...<output truncated>...

Installing the SVC Package for Tunnel Mode

Before end users can download and install the SSL VPN client (SVC) to their PC, you must first install the SVC package to the Flash: device on the WebVPN Services Module.

To install the SVC package, perform this task:

 
Command
Purpose

Step 1 

webvpn# copy tftp: flash:/webvpn

Copies the SVC package to the Flash: device on the WebVPN Services Module.

Note At the "Destination filename" prompt, rename the source filename to svc.pkg.

Step 2 

webvpn# dir flash:/webvpn

Displays the contents of the Flash: device on the WebVPN Services Module. Confirm that the svc.pkg file is installed.

Step 3 

Router# hw module mod reset cf:4

Reboots the WebVPN Services Module.

Note When the WebVPN Services Module comes up, the SVC package stored in the Flash: device is extracted and stored in the cache file system. The WebVPN Services Module is now ready to service download requests sent from end users.

Step 4 

webvpn# show webvpn install status svc

Displays the status of the installed SVC package.

This example shows how to install the SVC package:

To download and install the SVC package, enter the following commands at the WebVPN Services Module CLI:

webvpn# copy tftp: flash:/webvpn
Address or name of remote host [10.1.1.1]?
Source filename []? <username>/sslclient-win-1.0.0.pkg
Destination filename [sslclient-win-1.0.0.pkg]? svc.pkg
%Warning:There is a file already existing with this name
Do you want to over write? [confirm] y
Accessing tftp://10.1.1.1/sslclient-win-1.0.0.pkg.zip...
Loading sslclient-win-1.0.0.pkg.zip from 10.1.1.1
(via WebVPN0.1): !!O!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 300265 bytes]
300265 bytes copied in 8.032 secs (37384 bytes/sec)
webvpn#
webvpn# dir flash:/webvpn
Directory of flash:/webvpn/
4 -rwx 300265 Apr 26 2005 00:41:16 +00:00 svc.pkg
16386048 bytes total (16072704 bytes free)

To reboot the WebVPN Services Module, enter the following commands at the supervisor engine CLI:

Router# hw module 6 reset cf:4
Device BOOT variable for reset = <empty>
Warning:Device list is not verified.
Proceed with reload of module? [confirm]y
% reset issued for module 6
Router#
02:36:57:SP:The PC in slot 6 is shutting down. Please wait ...
02:37:17:SP:PC shutdown completed for module 6
02:37:17:%C6KPWR-SP-4-DISABLED:power to module in slot 6 set off (Reset)
1w0d:SP:OS_BOOT_STATUS(6) AP OS Boot Status:finished booting
1w0d:%OIR-SP-6-INSCARD:Card inserted in slot 6, interfaces are now online

To display the status of the SVC package, enter the following command at the WebVPN Services Module CLI:

webvpn# show webvpn install status svc
SSLVPN Package SSL-VPN-Client version installed:
CISCO STC win2k+ 1.0.0
1,0,0
Tue 03/08/2005 15:31:20.43

hometocprevnextglossaryfeedbacksearchhelp

Posted: Mon Oct 3 12:04:48 PDT 2005
All contents are Copyright © 1992--2005 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.