Moving Config from PIX 515 to 515e

Discussion in 'Cisco' started by Scott Townsend, Mar 23, 2006.

  1. We upgraded our PIX to a 515e from a 515 and I want to copy the config to
    the new 515e from the 515.

    I've done a write net, and a config net to get the config over and it
    'looks' okay, though some things do not seem to be working.

    The new PIX has the Certs from the Cert Server. Though VPN does not seem to
    be working.
    How can I get the Passwords that are configured for VPN (both PPTP and IPSec)
    to be copied from one PIX to the other?

    What else should be done?

    Thanks,
    Scott<-
     
    Scott Townsend, Mar 23, 2006
    #1

  2. In article <bMyUf.3517$>,
    Scott Townsend <scott-i@.-N0-SPAMplease.enm.com> wrote:
    >We upgraded our PIX to a 515e from a 515 and I want to copy the config to
    >the new 515e from the 515.


    >I've done a write net, and a config net to get the config over and it
    >'looks' okay, though some things do not seem to be working.


    >The new PIX has the Certs from the Cert Server. Though VPN does not seem to
    >be working.
    >How can I get the Passwords that are configured for VPN (both PPTP and IPSec)
    >to be copied from one PIX to the other?


    Any hardcoded passwords you have are written into the configuration
    file when you "write net"; when you loaded that configuration
    in to the other machine, it now knows the passwords.

    However, certificates are not passwords, and cannot be copied from
    one PIX to another. You must generate new keys and enroll the new
    device.
     
    Walter Roberson, Mar 23, 2006
    #2

  3. Thanks, I guess I never really looked at the Passwords in the Config file
    after I saved them. You are right, they are there.

    I've gone through the Steps to generate a new Cert request and obtained a
    new Cert for the New PIX.

    The IPSec VPN gives the Following Error:
    --------------------------------------------------------------------------
    crypto_isakmp_process_block:src:192.168.1.200, dest:charlie_o spt:500 dpt:500
    VPN Peer:ISAKMP: Peer Info for 192.168.1.200/500 not found - peers:0

    ISAKMP: larval sa found
    crypto_isakmp_process_block:src:192.168.1.200, dest:charlie_o spt:500 dpt:500
    VPN Peer:ISAKMP: Peer Info for 192.168.1.200/500 not found - peers:0

    ISAKMP: larval sa found
    crypto_isakmp_process_block:src:192.168.1.200, dest:charlie_o spt:500 dpt:500
    VPN Peer:ISAKMP: Peer Info for 192.168.1.200/500 not found - peers:0

    ISAKMP: larval sa found
    ISAKMP (0): deleting SA: src 192.168.1.200, dst charlie_o
    ISADB: reaper checking SA 0x143aec4, conn_id = 0 DELETE IT!

    VPN Peer:ISAKMP: Peer Info for 192.168.1.200/500 not found - peers:0
    --------------------------------------------------------------------------

    The PPTP VPN gets to the point of Verifying username and password, then comes
    back on the client with the Error of 721: Computer did not respond. The Pix
    posted the Following to the Syslog:

    --------------------------------------------------------------------------
    %PIX-6-603105: PPTP Tunnel deleted, tunnel_id = 13, remote_peer_ip = 192.168.1.200
    %PIX-6-603104: PPTP Tunnel created, tunnel_id is 13, remote_peer_ip is 192.168.1.200, ppp_virtual_interface_id is 1, client_dynamic_ip is 10.201.0.1, username is , MPPE_key_strength is None
    %PIX-6-302010: 0 in use, 4 most used
    %PIX-6-302014: Teardown TCP connection 8 for outside:192.168.1.200/3289 to inside:10.1.1.177/80 duration 0:02:01 bytes 0 SYN Timeout
    %PIX-6-603105: PPTP Tunnel deleted, tunnel_id = 11, remote_peer_ip = 192.168.1.200
    %PIX-6-603104: PPTP Tunnel created, tunnel_id is 11, remote_peer_ip is 192.168.1.200, ppp_virtual_interface_id is 1, client_dynamic_ip is 10.201.0.1, username is , MPPE_key_strength is None
    %PIX-3-213001: PPTP control daemon socket io read error, errno = -2043674623
    %PIX-6-603105: PPTP Tunnel deleted, tunnel_id = 12, remote_peer_ip = 192.168.1.200
    %PIX-6-603104: PPTP Tunnel created, tunnel_id is 12, remote_peer_ip is 192.168.1.200, ppp_virtual_interface_id is 2, client_dynamic_ip is 10.201.0.2, username is , MPPE_key_strength is None
    --------------------------------------------------------------------------

     
    Scott Townsend, Mar 23, 2006
    #3
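
A small triage pass over the PPTP syslog output quoted in post #3, as an added example that is not part of the original thread: it parses the %PIX messages into fields, counts tunnel create/delete events, and lists tunnels logged with an empty username or an MPPE_key_strength of None. The function names are hypothetical and the sample is the post's log lines with wrapped lines rejoined.

```python
import re
from collections import Counter

# Constructed sample: the PPTP syslog lines from the post, wrapped lines rejoined.
SAMPLE = """\
%PIX-6-603105: PPTP Tunnel deleted, tunnel_id = 13, remote_peer_ip = 192.168.1.200
%PIX-6-603104: PPTP Tunnel created, tunnel_id is 13, remote_peer_ip is 192.168.1.200, ppp_virtual_interface_id is 1, client_dynamic_ip is 10.201.0.1, username is , MPPE_key_strength is None
%PIX-6-302010: 0 in use, 4 most used
%PIX-6-302014: Teardown TCP connection 8 for outside:192.168.1.200/3289 to inside:10.1.1.177/80 duration 0:02:01 bytes 0 SYN Timeout
%PIX-6-603105: PPTP Tunnel deleted, tunnel_id = 11, remote_peer_ip = 192.168.1.200
%PIX-6-603104: PPTP Tunnel created, tunnel_id is 11, remote_peer_ip is 192.168.1.200, ppp_virtual_interface_id is 1, client_dynamic_ip is 10.201.0.1, username is , MPPE_key_strength is None
%PIX-3-213001: PPTP control daemon socket io read error, errno = -2043674623
%PIX-6-603105: PPTP Tunnel deleted, tunnel_id = 12, remote_peer_ip = 192.168.1.200
%PIX-6-603104: PPTP Tunnel created, tunnel_id is 12, remote_peer_ip is 192.168.1.200, ppp_virtual_interface_id is 2, client_dynamic_ip is 10.201.0.2, username is , MPPE_key_strength is None
"""

MSG = re.compile(r"%PIX-(?P<sev>\d)-(?P<id>\d{6}): (?P<body>.*)")
# Fields appear as "name is value" (603104) or "name = value" (603105).
FIELD = re.compile(r"(\w+) (?:is\b|=) ?([^,]*)")

def parse(text):
    """Return one dict per %PIX line: severity, message id and its key/value fields."""
    events = []
    for line in text.splitlines():
        m = MSG.search(line)
        if not m:
            continue  # not a PIX syslog line
        fields = {k: v.strip() for k, v in FIELD.findall(m["body"])}
        events.append({"sev": int(m["sev"]), "id": m["id"], **fields})
    return events

def triage(events):
    """Summarise PPTP tunnel churn and tunnels logged without a user or MPPE."""
    created = [e for e in events if e["id"] == "603104"]
    deleted = [e for e in events if e["id"] == "603105"]
    return {
        "created": len(created),
        "deleted": len(deleted),
        "no_username": [e["tunnel_id"] for e in created if not e.get("username")],
        "no_mppe": [e["tunnel_id"] for e in created
                    if e.get("MPPE_key_strength") == "None"],
        "errors": [e["id"] for e in events if e["sev"] <= 3],  # severity 3 or worse
        "peers": Counter(e["remote_peer_ip"] for e in created),
    }

if __name__ == "__main__":
    for key, value in triage(parse(SAMPLE)).items():
        print(f"{key}: {value}")
```
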
  4. Question about inserting config into pix

    How did you put it into the pix, because I don't know in which mode I have to do it.
    If I just use the "enabled" mode it won't work and if I use the config terminal mode it doesn't do all also. I know of the password thing, but there is a lot more that won't insert.
     
    jsserver, May 13, 2008
    #4