Replacing a PIX 515E with a PIX 515

Discussion in 'Cisco' started by Dustin, Nov 5, 2005.

  1. Dustin

    Dustin Guest

    I have a PIX 515E that I am currently using as our main firewall,
    attached to a T1. I am getting a 4mb connection (over 10mb ethernet)
    at a colo facility, and I would like to move this PIX 515E over there.
    In order to do this, I need to take a PIX 515 that I have and get it to
    work identically. I have copy/pasted the config from the 515E to the
    515, I have copied the 515E's config to a tftp server, and then downloaded
    it to the 515 by tftp. The PIX 515 is somewhat functional.

    Each unit has 64MB RAM, 16MB Flash, UR License, VAC card, and 4 FE
    card. The 515E has PIX OS 6.3(4), and the 515 has PIX OS 6.3(5). I
    have used a diff to see if there are any major changes after loading,
    and I see none. The PIX 515 works for access from Inside to DMZ and
    Outside, and from the DMZ to Outside... but none of the ACLs work for
    traffic from Outside to DMZ or Inside, or DMZ to Inside.

    Any ideas?

    Dustin, Nov 5, 2005
  2. Dustin

    Matty M Guest


    Should be identical. The only difference would be the 515E has a faster CPU
    and can take more RAM from memory. Are all the interfaces called the same on
    both PIXes? It may be that your access lists aren't bound to the right names
    of the interface cards.


    Matty M, Nov 5, 2005
  3. Dustin

    Dustin Guest

    I spoke with someone from TAC. She recommended that we reset the ARP
    cache on our router. I did not think that this was a possible reason,
    at first, because the PIX was forwarding outbound traffic properly.
    Because of this, I was pretty sure that the ARP information has been

    After looking at the ARP cache on our router, I saw that the default
    cache is 4 hours, and that each IP that was being translated had a
    separate entry (which does make sense). It is odd how you never really
    think about certain basic things, because they rarely present problems.

    I am going to make another go of it tomorrow morning, and I am going to
    look at the ARP cache and reset if necessary.
    Dustin, Nov 8, 2005
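
A check for the stale-ARP situation described in the post above, as an added example that is not part of the original thread: it parses the upstream router's `show ip arp` output and lists firewall-owned addresses (interface and translated IPs) that are still cached against a MAC other than the replacement unit's. It assumes the router is Cisco IOS with the usual column layout; the sample table, IP addresses, MACs and function names are constructed for illustration.

```python
import re

# Constructed sample of IOS "show ip arp" output (documentation IPs, made-up MACs).
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.1               -   0000.0c11.1111  ARPA   FastEthernet0/0
Internet  192.0.2.2              12   0011.2222.bbbb  ARPA   FastEthernet0/0
Internet  192.0.2.10            185   0011.2222.aaaa  ARPA   FastEthernet0/0
Internet  192.0.2.11              3   0011.2222.bbbb  ARPA   FastEthernet0/0
Internet  192.0.2.12            239   0011.2222.aaaa  ARPA   FastEthernet0/0
"""

# Constructed inputs: addresses the firewall answers ARP for, and the new unit's outside MAC.
FIREWALL_IPS = ["192.0.2.2", "192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]
NEW_MAC = "0011.2222.BBBB"

ARP_TIMEOUT_MIN = 240  # the 4-hour default cache lifetime mentioned in the post

ROW = re.compile(
    r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+(-|\d+)\s+"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA", re.I)

def parse_arp(text):
    """Return {ip: (age_minutes or None, mac)}; header and incomplete rows are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            ip, age, mac = m.groups()
            table[ip] = (None if age == "-" else int(age), mac.lower())
    return table

def stale_entries(text, firewall_ips, new_mac, timeout=ARP_TIMEOUT_MIN):
    """List (ip, cached_mac, minutes_left) for firewall IPs not cached against new_mac."""
    table, new_mac, stale = parse_arp(text), new_mac.lower(), []
    for ip in firewall_ips:
        if ip not in table:
            continue  # no cached entry: the router will ARP afresh for this address
        age, mac = table[ip]
        if mac != new_mac:
            left = None if age is None else max(0, timeout - age)
            stale.append((ip, mac, left))
    return stale

if __name__ == "__main__":
    for ip, mac, left in stale_entries(SAMPLE_ARP, FIREWALL_IPS, NEW_MAC):
        print(f"{ip} still cached as {mac}, expires in about {left} min")
```

Each address reported here keeps receiving inbound traffic addressed to the old MAC until the entry ages out or is cleared on the router, while outbound sessions through the new unit are unaffected.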
  4. Dustin

    Matty M Guest

    I was under the impression that the ARP cleared itself after a while or even
    when you switch the PIX on/reboot it. I know that clear xlate is a good one
    when you're changing access lists but I thought they were not working at all
    when you turned the PIX on?


    Matty M, Nov 8, 2005
