I have a Pix 525 configured to work with the 2 built-in ethernet interfaces. I bought 2 Gig ethernet interfaces and I want to install them to replace the 100mb interfaces.
My question is about what I will have to do to my Pix configuration so all my access lists and other commands use the new cards. Is it as simple as doing a search and replace of the name of my interfaces in my config file to put the new one or is it more complicated than that?
My current configuration for my interfaces is
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
would it be as simple as doing something like that
I believe that you would be better off archiving your current config to a tftp server, copying it to keep the orig present in case of roll back, and then editing the copied (new) config on that server to make e2 and e3 the out- and in-side interfaces, and also adjust the sec. weights and names of e0 and e1 since they are still present onboard.
Then clear the running config and reload new config from the tftp server.
Once you rename interfaces your nat/global/static may be auto renamed to use the new names of e0 and e1 (which is what you don't want). In a similar fashion, so will your route, telnet/ssh and other commands.
I find it easier to do the tftp archive/edit/send.
This way if something is wrong, you can always clear the running config and reload the original archived config.
I installed my new cards last night and tried to reconfigure everything. The renaming/swapping of names did give me the worst headache! But it is in part my fault because I never tried to reload a config from tftp before and I'm not sure I did it the right way.
I tried to only reload the config but I had a lot of duplicate entry errors. I tried clear config all on the Pix, which did clear the running config, canceling my telnet session. I had to connect in console mode, reconfigure the Pix interfaces and download the config, which worked after some trials. But the Pix still did some bad things with the interface name, so I basically had to retype most of my config. Hopefully, it is not that big.
Can you describe the steps and commands for reloading a config from file? The documentation is not very detailed on that. Can it be done from a telnet session or do I have to use the console port?
You are better off using a console session. The write clear command erases the running config.
To be honest, I am having a hard time recalling how to copy a config from a server to the firewall. I thought the copy command was the one, but it appears to be only used to copy the pix code itself. If I find it, I'll post it here.
Another workaround is this:
Still archive off the current config to a tftp server - use the write net command for that.
Make another copy on the tftp server and edit your changes. Then take the new config file and paste it into the pix using a console hyper-term session.
The cut and paste method ought to work, the only drawback is it is a pain when the config file is large, but for small files it will do.
If I find the command to copy from the tftp server, I will post it here.
Sorry you had all of that trouble. I take it that your gigabit adapters are now in service.
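
Added example, not written by any poster in this thread: a Python sketch of the offline edit step described in the replies above. It rewrites only the nameif lines of the archived copy, then checks the result for duplicate or undefined interface names before anything is pasted back into the PIX. The sample config is constructed, and the names spare0/spare1 with their security levels are assumptions.

```python
import re
NAMEIF = re.compile(r"^nameif\s+(\S+)\s+(\S+)\s+security(\d+)\s*$")
# Commands that refer to an interface by its nameif name (PIX 6.x syntax).
USES = [r"^(?:nat|global) \(([^)]+)\)", r"^(?:route|ip address) (\S+)",
        r"^access-group \S+ in interface (\S+)", r"^(?:telnet|ssh) \S+ \S+ (\S+)$"]
# Constructed sample of an archived config; addresses and ACL name are made up.
ARCHIVED = """\
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 192.0.2.2 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
telnet 10.0.0.0 255.255.255.0 inside
"""
# Assumed plan: e2/e3 take over outside/inside. "spare0"/"spare1" and their
# security levels are hypothetical values for the onboard ports.
PLAN = {"ethernet2": ("outside", 0), "ethernet3": ("inside", 100),
        "ethernet0": ("spare0", 10), "ethernet1": ("spare1", 15)}

def retarget(config, plan):
    """Rewrite only the nameif lines of an archived config according to plan."""
    out, emitted = [], False
    for line in config.splitlines():
        m = NAMEIF.match(line)
        if m and m.group(1) in plan:
            if not emitted:  # emit the whole plan once, where the first nameif was
                out += [f"nameif {hw} {n} security{lvl}" for hw, (n, lvl) in plan.items()]
                emitted = True
            continue
        out.append(line)
    return "\n".join(out) + "\n"

def problems(config):
    """Return duplicate definitions and names that commands use but no nameif defines."""
    defs = [m.groups() for m in map(NAMEIF.match, config.splitlines()) if m]
    issues = []
    for label, vals in (("hardware id", [d[0] for d in defs]), ("name", [d[1] for d in defs])):
        issues += [f"duplicate {label}: {v}" for v in sorted(set(vals)) if vals.count(v) > 1]
    used = {n for pat in USES for n in re.findall(pat, config, re.M)}
    return issues + [f"undefined name: {n}" for n in sorted(used - {d[1] for d in defs})]

def untouched(old, new):  # True when all non-nameif lines are identical, in order
    keep = lambda c: [l for l in c.splitlines() if not NAMEIF.match(l)]
    return keep(old) == keep(new)
```

The interface speed lines are left alone on purpose; set those for the new cards by hand, and keep the archived original unchanged for rollback.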