tftp a pix 515E config?

Discussion in 'Cisco' started by you know who maybe, Jun 1, 2005.

  1. Are there any known issues with using tftp to make an exact clone of two PIX
    515E firewalls?

    I'm getting ready to upgrade to 7.0 but first want to clone my production
    515E to my test 515E. Both are on 6.3.4 but the production machine has 32MB
    of RAM while the test machine has 64MB of RAM. Using tftp I have saved the
    config to the tftp server. On my test 515E configured the same hostname and
    domain-name but different IP address.

    In our configs we have multiple PIX-to-PIX VPN's with shared keys. Are the
    passphrases in the tftp file? Will they be copied back to the test 515E
    using tftp? Did I need to setup in advance the hostname and domain-name and
    generate a new rsa key or was this unnecessary because the config will have
    this info?

    Many thanks for reading this and your advice.

    you know who maybe, Jun 1, 2005
    1. Advertisements

  2. OK, answered that one by looking in the file! I'm just worried when I switch
    515E's I'll miss something....
    you know who maybe, Jun 1, 2005
    1. Advertisements

  3. While I'm talking to myself I might as well end the conversation:

    This worked for me:

    write erase 515E "test" firewall
    Use "Pre-configure" interactive prompts to set IP address for inside
    write mem and reload
    Use configure net command to pull config from tftp server.
    Configure net
    (Error message: keypair will be invalid)
    write mem
    ca zeroize rsa
    ca generate rsa key 1024
    Show ca mypubkey rsa
    ca save all
    wr mem

    Looks good!
    you know who maybe, Jun 1, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.