«

Hello

Simple question.
I don't know who to load my configuration which is stored on tftp server to
my pix firewall?
I'm using 6.1(4) software.
Please help.

Mirek

In article <c53qig$hon$>,
Mirek <> wrote:
:Simple question.
:I don't know who to load my configuration which is stored on tftp server to
:my pix firewall?
:I'm using 6.1(4) software.

The official instructions are that you start by 'erase config',
then you configure an ip address for the interface you want to use,
then you configure a 'tftp-server' reflecting the host and filename.
Then, that all having been set up, you config net from within
'config terminal' mode.

That's the official instructions, and the only method *supported*
by Cisco.

In reality, the 'erase config' step can usually completely avoided,
but because anything you tftp in *adds* to your existing configuration,
you have to put appropriate 'clear' and 'no' statements in your master
configuration to get everything into the right state. It's fast and easy
once it's set up.

--
Look out, there are llamas!

conf net IP:/file.cfg

Have any tftp file there, partial or complete
lines are ignored if they are the same
lines with no-prefixed are removed

works super with 6.3.3 and my guess is the same for 6.1.4


"Mirek" <> wrote in message
news:c53qig$hon$...
> Hello
>
> Simple question.
> I don't know who to load my configuration which is stored on tftp server
to
> my pix firewall?
> I'm using 6.1(4) software.
> Please help.
>
> Mirek
>
>

Thx
U're the best

Mirek

In article <mdidc.138670$ >,
Martin Bilgrav <> wrote:
:conf net IP:/file.cfg

You need to have set up a tftp-server command first, as otherwise
it will make nasty assumptions about the interface to use. That's the
only -real- function of the tftp-server command, IMHO: it's the only
place you can set the interface.


:Have any tftp file there, partial or complete

You must not have read the details of my postings on the subject

The inputs accepted for tftp files are slightly different than those
accepted for typing in commands. Generally speaking, you need to use
complete commands in the tftp file: the command completion for
tftp is -different- than the command completion for interactive commands.
There are a few commands which are not accepted via tftp. And
you can tftp in a line that contains a question-mark (e.g., in
a remark or in an isakmp key), which you can't do interactively.


:lines are ignored if they are the same

ACL lines are ignored if they duplicate an existing ACL line. Some
of the other lines will, if duplicated, result in errors that lead to
you being told the tftp failed.


:lines with no-prefixed are removed

Unless, that is, it's a "no ip address" on the interface you're
tftp'ing through, or unless you manage to turn off the rip passive
listener that was providing the route to the tftp server.
There is a way around these problems, which I've documented in previous
postings.


So.... you cannot, in fact, use "any tftp file, partial or complete":
you have to be a bit careful about what's in your tftp file. Once
you have the little tricks down, though, it sure is a useful technique!
--
Before responding, take into account the possibility that the Universe
was created just an instant ago, and that you have not actually read
anything, but were instead created intact with a memory of having read it.

"Walter Roberson" <> wrote in message
news:c550pd$qmr$...
> In article <mdidc.138670$ >,
> Martin Bilgrav <> wrote:
> :conf net IP:/file.cfg
>
> You need to have set up a tftp-server command first, as otherwise
> it will make nasty assumptions about the interface to use. That's the
> only -real- function of the tftp-server command, IMHO: it's the only
> place you can set the interface.

Not sure about that, Walter - But you may be right...


> So.... you cannot, in fact, use "any tftp file, partial or complete":
> you have to be a bit careful about what's in your tftp file. Once
> you have the little tricks down, though, it sure is a useful technique!

By partial I mean not fully listed config file, fx you can have just a file
containing a ACL
And yes you need to use full commands, but this is in general a good idea on
the PIX's

Wkr
Martin Bilgrav