PIX config on TFTP

Discussion in 'Cisco' started by Mirek, Apr 8, 2004.

  1. Mirek

    Mirek Guest

    Hello

    Simple question.
    I don't know how to load my configuration which is stored on tftp server to
    my pix firewall?
    I'm using 6.1(4) software.
    Please help.

    Mirek
     
    Mirek, Apr 8, 2004
    #1

  2. In article <c53qig$hon$>,
    Mirek <> wrote:
    :Simple question.
    :I don't know how to load my configuration which is stored on tftp server to
    :my pix firewall?
    :I'm using 6.1(4) software.

    The official instructions are that you start by 'erase config',
    then you configure an ip address for the interface you want to use,
    then you configure a 'tftp-server' reflecting the host and filename.
    Then, that all having been set up, you config net from within
    'config terminal' mode.

    That's the official instructions, and the only method *supported*
    by Cisco.

    In reality, the 'erase config' step can usually be completely avoided,
    but because anything you tftp in *adds* to your existing configuration,
    you have to put appropriate 'clear' and 'no' statements in your master
    configuration to get everything into the right state. It's fast and easy
    once it's set up.

    --
    Look out, there are llamas!
     
    Walter Roberson, Apr 8, 2004
    #2

  3. conf net IP:/file.cfg

    Have any tftp file there, partial or complete
    lines are ignored if they are the same
    lines with no-prefixed are removed

    works super with 6.3.3 and my guess is the same for 6.1.4


    "Mirek" <> wrote in message
    news:c53qig$hon$...
    > Hello
    >
    > Simple question.
    > I don't know how to load my configuration which is stored on tftp server to
    > my pix firewall?
    > I'm using 6.1(4) software.
    > Please help.
    >
    > Mirek
    >
    >
     
    Martin Bilgrav, Apr 8, 2004
    #3
  4. Mirek

    Mirek Guest

    Thx
    U're the best

    Mirek
     
    Mirek, Apr 8, 2004
    #4
  5. In article <mdidc.138670$>,
    Martin Bilgrav <> wrote:
    :conf net IP:/file.cfg

    You need to have set up a tftp-server command first, as otherwise
    it will make nasty assumptions about the interface to use. That's the
    only -real- function of the tftp-server command, IMHO: it's the only
    place you can set the interface.


    :Have any tftp file there, partial or complete

    You must not have read the details of my postings on the subject ;-)

    The inputs accepted for tftp files are slightly different than those
    accepted for typing in commands. Generally speaking, you need to use
    complete commands in the tftp file: the command completion for
    tftp is -different- than the command completion for interactive commands.
    There are a few commands which are not accepted via tftp. And
    you can tftp in a line that contains a question-mark (e.g., in
    a remark or in an isakmp key), which you can't do interactively.


    :lines are ignored if they are the same

    ACL lines are ignored if they duplicate an existing ACL line. Some
    of the other lines will, if duplicated, result in errors that lead to
    you being told the tftp failed.


    :lines with no-prefixed are removed

    Unless, that is, it's a "no ip address" on the interface you're
    tftp'ing through, or unless you manage to turn off the rip passive
    listener that was providing the route to the tftp server.
    There is a way around these problems, which I've documented in previous
    postings.


    So.... you cannot, in fact, use "any tftp file, partial or complete":
    you have to be a bit careful about what's in your tftp file. Once
    you have the little tricks down, though, it sure is a useful technique!
    --
    Before responding, take into account the possibility that the Universe
    was created just an instant ago, and that you have not actually read
    anything, but were instead created intact with a memory of having read it.
     
    Walter Roberson, Apr 9, 2004
    #5
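
A pre-flight check for the pitfalls described in the post above, as an added example that is not part of the thread: it compares a file meant for `conf net` against a saved copy of the running configuration. The function name, finding codes, sample configurations, and the assumed `no ip address <if>` / `no rip <if> passive` line shapes are illustrative assumptions.

```python
def _norm(line):
    """Collapse runs of whitespace so spacing differences do not hide a match."""
    return " ".join(line.split())


def _commands(text):
    """Yield (line_number, command), skipping blank lines and ':' comment lines."""
    for n, raw in enumerate(text.splitlines(), 1):
        cmd = _norm(raw)
        if cmd and not cmd.startswith(":"):
            yield n, cmd


def preflight(merge_text, running_text, tftp_if):
    """Return (line_number, code, command) findings for a file to be merged over TFTP."""
    running = {cmd for _, cmd in _commands(running_text)}
    findings = []
    for n, cmd in _commands(merge_text):
        words = cmd.split()
        if words[:4] == ["no", "ip", "address", tftp_if]:
            # Removes the address of the interface the transfer runs over.
            findings.append((n, "drops-tftp-interface", cmd))
        elif words[:2] == ["no", "rip"] and "passive" in words:
            # The RIP listener may be what supplies the route to the TFTP server.
            findings.append((n, "may-drop-tftp-route", cmd))
        elif cmd in running:
            # Thread: duplicate ACL lines are ignored, other duplicates can error.
            acl = words[0] == "access-list"
            findings.append((n, "acl-duplicate-ignored" if acl else "duplicate-may-error", cmd))
    return findings


# Constructed sample configurations (documentation addresses), not from the thread.
RUNNING = """\
: constructed running configuration
ip address inside 192.0.2.1 255.255.255.0
rip inside passive
access-list acl_out permit tcp any host 198.51.100.10 eq 80
static (inside,outside) 198.51.100.10 192.0.2.10 netmask 255.255.255.255 0 0
"""
MERGE = """\
: constructed merge file
access-list acl_out permit tcp any host 198.51.100.10 eq 80
access-list acl_out permit tcp any host 198.51.100.10 eq 443
static (inside,outside) 198.51.100.10 192.0.2.10 netmask 255.255.255.255 0 0
no rip inside passive
no ip address inside
"""

if __name__ == "__main__":
    for line_no, code, cmd in preflight(MERGE, RUNNING, "inside"):
        print(f"line {line_no}: {code}: {cmd}")
```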
  6. "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:c550pd$qmr$...
    > In article <mdidc.138670$>,
    > Martin Bilgrav <> wrote:
    > :conf net IP:/file.cfg
    >
    > You need to have set up a tftp-server command first, as otherwise
    > it will make nasty assumptions about the interface to use. That's the
    > only -real- function of the tftp-server command, IMHO: it's the only
    > place you can set the interface.


    Not sure about that, Walter - But you may be right...


    > So.... you cannot, in fact, use "any tftp file, partial or complete":
    > you have to be a bit careful about what's in your tftp file. Once
    > you have the little tricks down, though, it sure is a useful technique!


    By partial I mean not fully listed config file, e.g. you can have just a file
    containing an ACL
    And yes you need to use full commands, but this is in general a good idea on
    the PIX's

    Wkr
    Martin Bilgrav
     
    Martin Bilgrav, Apr 10, 2004
    #6