Replaced Our PIX515E

Discussion in 'Networking & Security' started by Carlosinfl, Jul 29, 2008.

  1. Carlosinfl

    So we have been experiencing strange issues with our Cisco PIX 515E. Basically SMTP and HTTP restrictions. However, to rule out the fact that this is a hardware failure, I took my current IOS startup-config file and tftp'd it over to an identical PIX 515E. So then this weekend when nobody was in the building, I moved over the 3 interface (Cat5e) cables and the power cord to the new one and never got Internet connectivity back on the LAN. I waited 30 minutes, which was far enough, and it never came back, so I threw the cables and power back into the old PIX and everything is working as normal again.

    My question is when I try this again, what can I do to see why the Internet / Network is not coming up when I fire up the new PIX515E?

    Is there a way I can watch this come up?

    I am obviously not a CCNA so please no rude comments...
     
  2. MorfiusX

  3. scottatwittenberg

    If the "new" 515e is new, you can call Cisco support for the first 90 days and get someone in India to set it up for you for free.

    Maybe you need to copy more than the "startup config".

    I copied the config from a PIX 501e to an ASA 5510 with the help of a Cisco tech and a TFTP program and it "worked"; we had to tweak things.

    Either way, you are probably missing the NAT rule that routes all inside traffic to the internet.

    It will be similar to this:

    global (outside) 1 interface
    nat (inside) 1 192.168.1.1 255.255.255.0 0 0
     
  4. Rabidfox

    Are the OS versions the same? PIX 6 to 7 == no worky. Like the poster said above, you need a tool to convert it, or just do it by hand...
     
  5. Captain Colonoscopy

    Were you able to verify whether the TFTP went through successfully? Also, like previously mentioned, if the OS versions aren't the same you can run into problems. I know there are some commands that aren't able to move from version to version, even within the 6.x.x revisions.

    Another thing to do would be to try copying and pasting the config from a text file directly into the PIX via the CLI. Just do like 5-10 lines at a time and see if it gives you any errors. If you have any VPN stuff in there the private shared keys won't paste correctly, so you'll have to rebuild that.
     
  6. Rabidfox

    In PIX/ASA 7+ you can get the pre-shared secrets rather simply, and without TFTP: "more system:running-config". That's copy/pastable into a new box, just make sure when you copy/paste configs that the new box has no configuration on it; "write erase" then "reload" to make sure.
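
Added example, not part of the thread and not any poster's code: one way to check the points raised in the replies above (did the transfer load completely, do the OS versions match, which keys need re-entering) is to compare the config saved from the old unit with the running config captured from the replacement. Both configs below are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample: config saved from the old unit (what was sent over TFTP).
OLD_CFG = """\
: Saved
PIX Version 6.3(5)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
isakmp key ******** address 203.0.113.10 netmask 255.255.255.255
Cryptochecksum:0123456789abcdef0123456789abcdef
: end
"""
# Constructed sample: running config captured on the replacement unit.
NEW_CFG = """\
: Saved
PIX Version 6.3(3)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
global (outside) 1 interface
Cryptochecksum:fedcba9876543210fedcba9876543210
: end
"""

NOISE = re.compile(r"^(:|Cryptochecksum:)")        # save markers and checksum always differ
VERSION = re.compile(r"^PIX Version (\S+)", re.M)  # OS version banner line
MASKED = re.compile(r"\*{4,}")                     # a starred-out secret, not the real key

def commands(cfg):
    """Return config commands in order, dropping noise and the version banner."""
    lines = [l.rstrip() for l in cfg.splitlines() if l.strip()]
    return [l for l in lines if not NOISE.match(l) and not VERSION.match(l)]

def version(cfg):
    m = VERSION.search(cfg)
    return m.group(1) if m else None

def compare(old, new):
    loaded = set(commands(new))
    return {
        "version_mismatch": version(old) != version(new),
        # Commands in the old config that never made it into the new unit.
        "missing": [c for c in commands(old) if c not in loaded],
        # Lines whose secret is masked: these must be typed in again by hand.
        "reenter_secrets": [c for c in commands(old) if MASKED.search(c)],
    }

if __name__ == "__main__":
    for key, value in compare(OLD_CFG, NEW_CFG).items():
        print(key, "->", value)
```
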