tftp a pix 515E config?

Discussion in 'Cisco' started by you know who maybe, Jun 1, 2005.

  1. Are there any known issues with using tftp to make an exact clone of two PIX
    515E firewalls?

    I'm getting ready to upgrade to 7.0 but first want to clone my production
    515E to my test 515E. Both are on 6.3.4 but the production machine has 32MB
    of RAM while the test machine has 64MB of RAM. Using tftp I have saved the
    config to the tftp server. On my test 515E configured the same hostname and
    domain-name but different IP address.

    In our configs we have multiple PIX-to-PIX VPN's with shared keys. Are the
    passphrases in the tftp file? Will they be copied back to the test 515E
    using tftp? Did I need to setup in advance the hostname and domain-name and
    generate a new rsa key or was this unnecessary because the config will have
    this info?

    Many thanks for reading this and your advice.

    -Bob
     
    you know who maybe, Jun 1, 2005
    #1
    1. Advertising

  2. "you know who maybe" <> wrote in message
    news:...
    > Are there any known issues with using tftp to make an exact clone of two
    > PIX 515E firewalls?
    >
    > I'm getting ready to upgrade to 7.0 but first want to clone my production
    > 515E to my test 515E. Both are on 6.3.4 but the production machine has
    > 32MB of RAM while the test machine has 64MB of RAM. Using tftp I have
    > saved the config to the tftp server. On my test 515E configured the same
    > hostname and domain-name but different IP address.
    >
    > In our configs we have multiple PIX-to-PIX VPN's with shared keys. Are the
    > passphrases in the tftp file?


    OK, answered that one by looking in the file! I'm just worried when I switch
    515E's I'll miss something....
     
    you know who maybe, Jun 1, 2005
    #2
    1. Advertising

  3. "you know who maybe" <> wrote in message
    > OK, answered that one by looking in the file! I'm just worried when I
    > switch 515E's I'll miss something....


    While I'm talking to myself I might as well end the conversation:

    This worked for me:

    write erase 515E "test" firewall
    Use "Pre-configure" interactive prompts to set IP address for inside
    interface
    write mem and reload
    Use configure net command to pull config from tftp server.
    Configure net 10.2.1.102:/sjpix634
    (Error message: keypair will be invalid)
    write mem
    ca zeroize rsa
    ca generate rsa key 1024
    Show ca mypubkey rsa
    ca save all
    wr mem
    reload


    Looks good!
     
    you know who maybe, Jun 1, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mirek

    PIX config on TFTP

    Mirek, Apr 8, 2004, in forum: Cisco
    Replies:
    5
    Views:
    6,626
    Martin Bilgrav
    Apr 10, 2004
  2. beni
    Replies:
    6
    Views:
    9,985
    Neil Rowland
    Jun 7, 2004
  3. BillF
    Replies:
    2
    Views:
    7,696
    BillF
    Aug 15, 2004
  4. Scott Townsend
    Replies:
    4
    Views:
    668
    Lutz Donnerhacke
    Feb 14, 2007
  5. Sharad
    Replies:
    0
    Views:
    653
    Sharad
    Feb 13, 2007
Loading...

Share This Page