Move PIX 515e IOS7x config from one PIX to another?

Discussion in 'Cisco' started by Scott Townsend, Feb 12, 2007.

  1. We picked up another PIX and wanted to use it instead of the unit we have.
    What is the best way to use our Current Config and copy over to the new PIX.
    The new PIX will replace the old one and the old unit will become a spare.

    Both are running the same IOS.

    Thank you.
    Scott<-
    Scott Townsend, Feb 12, 2007
    #1
    1. Advertising

  2. In article <W7%zh.21557$>,
    Scott Townsend <scott-i@.-N0-SPAMplease.enm.com> wrote:
    >We picked up another PIX and wanted to use it instead of the unit we have.
    >What is the best way to use our Current Config and copy over to the new PIX.
    >The new PIX will replace the old one and the old unit will become a spare.


    >Both are running the same IOS.


    tftp the config up to a tftp server, modify the internal IP address
    in the uploaded copy, and then tftp the modified config down to the
    other machine. When you have finished testing, change the IP address
    on both boxes.

    In order to tftp up, configure the "tftp-server" settings, and
    then go into configuration mode and "write net". Or in PIX 7,
    you should be able to use the exec-level "copy" command instead.
    Walter Roberson, Feb 12, 2007
    #2
    1. Advertising

  3. Thanks, I'll give this a try today...

    So does this also move over all of the Certificates for the unit too, or do
    I need to get new ones fro the CA? I'm concerned about the Certs as we also
    use it for IPSec VPN and also have a few other PTP VPNs.

    Thanks,
    Scott<-
    "Walter Roberson" <> wrote in message
    news:L51Ah.948816$R63.468243@pd7urf1no...
    > In article <W7%zh.21557$>,
    > Scott Townsend <scott-i@.-N0-SPAMplease.enm.com> wrote:
    >>We picked up another PIX and wanted to use it instead of the unit we have.
    >>What is the best way to use our Current Config and copy over to the new
    >>PIX.
    >>The new PIX will replace the old one and the old unit will become a spare.

    >
    >>Both are running the same IOS.

    >
    > tftp the config up to a tftp server, modify the internal IP address
    > in the uploaded copy, and then tftp the modified config down to the
    > other machine. When you have finished testing, change the IP address
    > on both boxes.
    >
    > In order to tftp up, configure the "tftp-server" settings, and
    > then go into configuration mode and "write net". Or in PIX 7,
    > you should be able to use the exec-level "copy" command instead.
    >
    Scott Townsend, Feb 14, 2007
    #3
  4. In article <5ZFAh.76318$>,
    Scott Townsend <scott-i@.-N0-SPAMplease.enm.com> wrote:
    >So does this also move over all of the Certificates for the unit too, or do
    >I need to get new ones fro the CA? I'm concerned about the Certs as we also
    >use it for IPSec VPN and also have a few other PTP VPNs.


    Good question; tftp'ing the configuration will NOT move certificates.

    In PIX 6, there is no way to import certificates or RSA keys,
    except that I would expect that connecting in a failover configuration
    would allow key synchronization.

    In PIX 7, I've lost track of the 'ca' commands, so I don't know
    what can be done.
    Walter Roberson, Feb 14, 2007
    #4
  5. * Walter Roberson wrote:
    > Good question; tftp'ing the configuration will NOT move certificates.


    PIX7 contains the keys and certificates in the config. tftp is enough.
    Lutz Donnerhacke, Feb 14, 2007
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. bdeditch

    I want to move ME from one hard drive to another

    bdeditch, Aug 13, 2005, in forum: Computer Support
    Replies:
    5
    Views:
    754
  2. Replies:
    2
    Views:
    36,301
  3. Larry Mehl
    Replies:
    8
    Views:
    916
  4. Trevor Smithson
    Replies:
    8
    Views:
    2,348
    fatsteve
    Jul 30, 2009
  5. ~misfit~
    Replies:
    6
    Views:
    1,334
    ~misfit~
    Dec 1, 2009
Loading...

Share This Page