Replacing a PIX 515E with a PIX 515

Discussion in 'Cisco' started by Dustin, Nov 5, 2005.

  1. Dustin

    Dustin Guest

    I have a PIX 515E that I am currently using as our main firewall,
    attached to a T1. I am getting a 4mb connection (over 10mb ethernet)
    at a colo facility, and I would like to move this PIX 515E over there.
    In order to do this, I need to take a PIX 515 that I have and get it to
    work identically. I have copy/pasted the config from the 515E to the
    515, I have copied the 515E's config to a tftp server, and then downloaded
    it to the 515 by tftp. The PIX 515 is somewhat functional.

    Each unit has 64MB RAM, 16MB Flash, UR License, VAC card, and 4 FE
    card. The 515E has PIX OS 6.3(4), and the 515 has PIX OS 6.3(5). I
    have used a diff to see if there are any major changes after loading,
    and I see none. The PIX 515 works for access from Inside to DMZ and
    Outside, and from the DMZ to Outside... but none of the ACLs work for
    traffic from Outside to DMZ or Inside, or DMZ to Inside.

    Any ideas?


    Thanks,
    Dustin
     
    Dustin, Nov 5, 2005
    #1

  2. Dustin

    Matty M Guest

    "Dustin" <> wrote in message
    news:...
    >I have a PIX 515E that I am currently using as our main firewall,
    > attached to a T1. I am getting a 4mb connection (over 10mb ethernet)
    > at a colo facility, and I would like to move this PIX 515E over there.
    > In order to do this, I need to take a PIX 515 that I have and get it to
    > work identically. I have copy/pasted the config from the 515E to the
    > 515, I have copied the 515E's config to a tftp server, and then downloaded
    > it to the 515 by tftp. The PIX 515 is somewhat functional.
    >
    > Each unit has 64MB RAM, 16MB Flash, UR License, VAC card, and 4 FE
    > card. The 515E has PIX OS 6.3(4), and the 515 has PIX OS 6.3(5). I
    > have used a diff to see if there are any major changes after loading,
    > and I see none. The PIX 515 works for access from Inside to DMZ and
    > Outside, and from the DMZ to Outside... but none of the ACLs work for
    > traffic from Outside to DMZ or Inside, or DMZ to Inside.
    >
    > Any ideas?
    >
    >
    > Thanks,
    > Dustin
    >


    Hi,

    Should be identical. The only difference would be the 515E has a faster CPU
    and can take more RAM from memory. Are all the interfaces called the same on
    both PIX's? It may be that your access lists aren't bound to the right names
    of the interface cards.

    Cheers

    Matt
     
    Matty M, Nov 5, 2005
    #2

  3. Dustin

    Dustin Guest

    I spoke with someone from TAC. She recommended that we reset the ARP
    cache on our router. I did not think that this was a possible reason,
    at first, because the PIX was forwarding outbound traffic properly.
    Because of this, I was pretty sure that the ARP information has been
    reset.

    After looking at the ARP cache on our router, I saw that the default
    cache is 4 hours, and that each IP that was being translated had a
    separate entry (which does make sense). It is odd how you never really
    think about certain basic things, because they rarely present problems.

    I am going to make another go of it tomorrow morning, and I am going to
    look at the ARP cache and reset if necessary.
     
    Dustin, Nov 8, 2005
    #3
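
The check described in post #3, comparing the router's ARP entries for the translated addresses against the replacement firewall's MAC, written out as an added example (not part of the original thread). The `show ip arp` sample, the addresses and the MACs are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of "show ip arp" output from the upstream router.
# 192.0.2.2 is the firewall's outside interface; .10 and .11 are translated
# addresses the firewall answers ARP for. All values are made up.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.1               -   0011.2233.4455  ARPA   FastEthernet0/0
Internet  192.0.2.2               3   00aa.bbcc.0002  ARPA   FastEthernet0/0
Internet  192.0.2.10            187   00aa.bbcc.0001  ARPA   FastEthernet0/0
Internet  192.0.2.11            201   00aa.bbcc.0001  ARPA   FastEthernet0/0
Internet  192.0.2.12              0   Incomplete      ARPA
"""

ROW = re.compile(r"^Internet\s+(\S+)\s+(\S+)\s+(\S+)\s+ARPA", re.M)

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_arp(text):
    """Return {ip: (age_minutes, mac)}; mac is None for unresolved entries."""
    table = {}
    for ip, age, mac in ROW.findall(text):
        age = None if age == "-" else int(age)  # "-" marks the router's own IP
        if mac.lower() == "incomplete":
            table[ip] = (age, None)
        else:
            table[ip] = (age, norm_mac(mac))
    return table

def stale_entries(text, firewall_mac, firewall_ips):
    """List firewall-owned IPs the router still maps to a different MAC."""
    want = norm_mac(firewall_mac)
    table = parse_arp(text)
    stale = []
    for ip in firewall_ips:
        age, mac = table.get(ip, (None, None))
        if mac is not None and mac != want:
            stale.append((ip, mac, age))
    return stale

if __name__ == "__main__":
    owned = ["192.0.2.2", "192.0.2.10", "192.0.2.11", "192.0.2.12"]
    for ip, mac, age in stale_entries(SAMPLE_ARP, "00:AA:BB:CC:00:02", owned):
        print(f"{ip} still maps to {mac} (age {age} min)")
```

In the sample, the interface address has already been relearned because the firewall sends outbound traffic from it, while the translated addresses still point at the old unit's MAC until their entries age out or are cleared.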
  4. Dustin

    Matty M Guest

    "Dustin" <> wrote in message
    news:...
    >I spoke with someone from TAC. She recommended that we reset the ARP
    > cache on our router. I did not think that this was a possible reason,
    > at first, because the PIX was forwarding outbound traffic properly.
    > Because of this, I was pretty sure that the ARP information has been
    > reset.
    >
    > After looking at the ARP cache on our router, I saw that the default
    > cache is 4 hours, and that each IP that was being translated had a
    > separate entry (which does make sense). It is odd how you never really
    > think about certain basic things, because they rarely present problems.
    >
    > I am going to make another go of it tomorrow morning, and I am going to
    > look at the ARP cache and reset if necessary.
    >


    I was under the impression that the ARP cleared itself after a while or even
    when you switch the PIX on/reboot it. I know that clear xlate is a good one
    when you're changing access lists but I thought they were not working at all
    when you turned the PIX on?

    Cheers

    Matt
     
    Matty M, Nov 8, 2005
    #4