Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
415
Views
0
Helpful
5
Replies

Issue importing config to VMS Firewalls

smeek
Level 1
Level 1

‎01-02-2004 01:43 PM - edited ‎03-02-2019 12:39 PM

Just set up new install. Having issue importing config from my PIX.

I get "failed to contact host" if I try to import from device. I can telnet and connect from my server, so my IP and enable password should be good.

If I try to import a copy/pasted config file, it says 6.3.3 is not a supported version and fails.

Is there something I need to configure on the PIX end? PIX is 6.3.3 (in failover cfg). I updated VMS 2.2 to Update 1 and I just found and downloaded Firewall update to 1.2.2.

Any ideas appreciated?

Steve

Labels:
0 Helpful
5 Replies 5

intertechusa
Level 1
Level 1

‎01-06-2004 04:46 PM

I am having the same problem. Reading the docs it appears that we may need to enable http on the PIX. I believe it's disabled on both of ours. I'll enable it and try it.

Quote from docs:

Enter the Contact IP address, which is the address Firewall MC uses to contact a firewall device using HTTPS. This is generally a firewall's interface address, but it might be different due to address translation between the Firewall MC server and the firewall.

Note: You should have specified this IP address for the inside interface during bootstrapping. The inside interface is the one for which you automatically enabled HTTP access using the setup command.

0 Helpful

intertechusa
Level 1
Level 1
In response to intertechusa

‎01-06-2004 04:50 PM

Also, I see that Firewall MC only imports configs of PIXs that are using ACLs and will not import configs that are using conduits.

0 Helpful

g.rodegari
Level 1
Level 1
In response to intertechusa

‎01-07-2004 03:49 AM

Hi,

I've enabled HTTP... but not on the inside interface and not work!

the interface is reacheble and the https seems to work fine but, capturing the traffic from the pix I've seen that VMS try to connect but the PIX send a TCP RST...

any ideas?

Do you know if is possible manage PIX from a interface different from inside?

thanks,

Graziano

0 Helpful

g.rodegari
Level 1
Level 1
In response to g.rodegari

‎01-07-2004 07:37 AM

Good news,

I've found this information, in the PIX-MC 1.2.2 release-notes:

Troubleshooting

The following topics supplement the troubleshooting information found in Using Management Center for Firewalls 1.2.

Why does the error message "Failed to contact the device" appear when I try to import from a device?

Solaris patch 112438-01 is required for Firewall MC 1.2.2 to communicate with the device. After installing this patch, you must reboot the Solaris server.

I'll try it as soon as possible !

Bye,

Graziano

0 Helpful

g.rodegari
Level 1
Level 1
In response to g.rodegari

‎01-14-2004 07:05 AM

OK! with this patch works well!

Hope this helps all!

bye,

Graz.

0 Helpful
Customers Also Viewed These Support Documents