Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Connection upgrade

I have a Pix 525 connected to the "internet" using the 100Mb ethernet interface named "Outside".

I need to upgrade that connection to a Gigabit connection using the GigabitEthernet fiber interface.

Is there a way of doing this without loosing all the configurations of the 100Mb interface? Like the nat and security rules.

Or do i have to disable the ethernet interface, enable the gigabit and rebuild all the configurations?

I didn't found any documentation about this problem.

Thanks for any help.

Regards.

3 REPLIES

Re: Connection upgrade

You can do it without loosing configuration.

Disabled ethernet0 (default outside with security level 0) and assign new GE as new outside interface.

1. Remove IP Address from old outside (e0) interface:

no ip address outside

2. Disable the e0 port

interface ethernet0 auto shutdown

2. Rename old outside intf (e0) to new name, and set new security level. Outside interface is recommended (default) to use 0.

nameif ethernet0 outside1 security1

3. Re-assign new GE as outside interface with security 0:

nameif gb-ethernet0 outside security0

4. Enable new GE interface

interface gb-ethernet0 1000auto (or fix the speed to 100full)

5. Assign ip address (inherited from old outside IP) to new GE/outside

ip address outside x.x.x.1 255.255.255.0

Leave everything like "Global (outside)" statement as it is, together with route, acl and so on.

I have configured PIX525 with 5 GE (fiber) ports, and put both default eo and e1 to disabled mode.

interface gb-ethernet0 1000auto

interface gb-ethernet1 1000auto

interface gb-ethernet2 1000full

interface gb-ethernet3 1000auto

interface gb-ethernet4 1000auto

interface ethernet0 auto shutdown

interface ethernet1 auto shutdown

nameif gb-ethernet0 outside security0

nameif gb-ethernet1 inside security100

nameif gb-ethernet2 statefover security80

nameif gb-ethernet3 dmz security70

nameif gb-ethernet4 vpn security50

nameif ethernet0 reserved1 security1

nameif ethernet1 reserved-2 security2

Pls backup your config before performing the above, and do not save (wri mem) the PIX until it's confirmed to be working fine. If something went wrong, just reboot the box and it's back to last-known-good config.

HTH

AK

New Member

Re: Connection upgrade

Thanks for your help.

I was thinking in doing the changes offline and then upload the config file (tftp) and reboot the pix. The only thing that needs changing is the interface name, the ip of the new connection is the same.

I will try your solution.

Thanks

New Member

Re: Connection upgrade

I had to do the changes offline and then do the upload to the pix... doing the changes online didn't work.

96
Views
3
Helpful
3
Replies
CreatePlease login to create content