Replaced Our PIX515E

C

Carlosinfl

Loves the juice
Joined
Sep 25, 2002
Messages
6,633
So we have been experiencing strange issues with our Cisco PIX 515E. Basically SMTP and HTTP restrictions however to rule out the fact that this is a hardware failure. I took my current IOS startup-config file and tftp'd it over to an identical PIX 515E. So then this weekend when nobody was in the building, I moved over the 3 interface (Cat5e) cables and the power cord to the new one and never got Internet connectivity back on the LAN. I waited 30 minutes which was far enough and it never came back so I threw the cables and power back into the old PIX and everything is working as normal again.

My question is when I try this again, what can I do to see why the Internet / Network is not coming up when I fire up the new PIX515E?

Is there a way I can watch this come up?

I am obviously not a CCNA so please no rude comments...
 
if the "new" 515e is new you can call cisco support for the first 90 days and get someone in India to set it up for you for free.

Maybe you need to copy more than the "startup config".

I copied the config from a pix 501e to an asa 5510 with the help of a cisco tech and t'ftp program and it "worked" we had to tweak things.

either way you are probably missing the NAT rule that routes all inside traffic to the internet.

it will be similar to this

global (outside) 1 interface
nat (inside) 1 192.168.1.1 255.255.255.0 0 0
 
are the os versions the same? PIX 6 to 7 == no worky. like the poster said above, you need a tool to convert it, or just do it by hand...
 
were you able to verify whether the TFTP went through successfully? Also, like previously mentioned, if the OS versions aren't the same you can run into problems. I know there are some commands that aren't able to move from version to version, even within the 6.x.x revisions.

Another thing to do would be to try copy and pasting the config from a text file directly into the PIX via the CLI. Just do like 5-10 lines at a time and see if it gives you any errors. If you have any VPN stuff in there the private shared keys won't paste corrrectly, so you'll have to rebuild that.
 
in PIX/ASA 7+ you can get the pre shared secrets rather simply, and without tftp. "more system:running-config". That's copy/pastable into a new box, just make sure when you copy/paste configs that the new box has no configuration on it, "write erase" then "reload" to make sure.
 
You must log in or register to reply here.
Back
Top