cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
258
Views
0
Helpful
3
Replies

Adding interfaces to a Pix 525

dlandr
Level 1
Level 1

I have a Pix 525 configured to work with the 2 built-in ethernet interfaces. I bought 2 Gig ethernet interfaces and I want to install them to replace the 100mb interfaces.

My question is about what I will have to do to my Pix configuration so all my access lists and other commands use the new cards. Is it as simple as doing a search and replace of the name of my interfaces in my config file to put the new one or is it more complicated than that?

My current configuration for my interfaces is

interface ethernet0 100full

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

would it be as simple as doing something like that

interface ethernet2 1000full

interface ethernet3 1000full

nameif ethernet2 outside security0

nameif ethernet3 inside security100

Thanks

DanieL Landreville

3 Replies 3

ehirsel
Level 6
Level 6

I believe that you would be better off archiving your current config to a tftp server, copying it to keep the orig present in case of roll back, and then editing the copied (new) config on that server to make e2 and e3 the out- and in-side interfaces, and also adjust the sec. weights and names of e0 and e1 since they are still present onboard.

Then clear the running config and reload new config from the tftp server.

Once you rename interfaces your nat/global/static may be auto renamed to use the new names of e0 and e1 (which is what you don't want). In in similar fashion so will your route, telnet/ssh and other commands.

I find it easier to do the tftp archive/edit/send.

This way if something is wrong, you can always clear the running config and reload the original archived config.

I installed my new cards last night tried to reconfigure everything. The renaming/swapping of names did gave me the worst headache! but it is in part my fault because I never tried to reload a config from tftp before and I'm not sure I did the right way.

I tried to only reload the config but I had a lot of duplicate entry errors. I tried clear config all on the Pix, wich did clear the running config, canceling my telnet session. I had to connect in console mode, reconfigure the Pix interfaces and download the config, wich worked after some trials. But the Pix still did some bad thing with the interface name, so I basically had to retype most of my config. Hopefully, it is not that big.

Can you describe the steps and commands for reloading a config from file. The documentation is not very detailed on that. Can it be done from a telnet session or do I have to use the console port.

Regards,

Daniel Landreville

You are better off using a console session. The write clear command erases the running config.

To be honest, I am having a hard time recalling how to copy a config from a server to the fireall, I thought the copy command was the one, but it apperas to be only used to copy the pix code itself. If I find it, I'll post it here.

Another workaround is this:

Still archive off the current config to a tftp server - use the write net command for that.

Make another copy on the tftp server and edit your changes. Then take the new config file and paste it into the pix using a console hyper-term session.

The cut and paste method ought to work, the only drawback is it is a pain when the config file is large, but for small files it will do.

If I find the command to copy from the tftp server, I will post it here.

Sorry you had all of that trouble. I take it that your gigabit adapters are now is service.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: