We picked up another PIX and wanted to use it instead of the unit we have. What is the best way to use our Current Config and copy over to the new PIX. The new PIX will replace the old one and the old unit will become a spare.
Both are running the same IOS.
Thank you. Scott
tftp the config up to a tftp server, modify the internal IP address in the uploaded copy, and then tftp the modified config down to the other machine. When you have finished testing, change the IP address on both boxes.
In order to tftp up, configure the "tftp-server" settings, and then go into configuration mode and "write net". Or in PIX 7, you should be able to use the exec-level "copy" command instead.
Thanks, I'll give this a try today...
So does this also move over all of the Certificates for the unit too, or do I need to get new ones fro the CA? I'm concerned about the Certs as we also use it for IPSec VPN and also have a few other PTP VPNs.
Thanks, Scott >>We picked up another PIX and wanted to use it instead of the unit we have.
Good question; tftp'ing the configuration will NOT move certificates.
In PIX 6, there is no way to import certificates or RSA keys, except that I would expect that connecting in a failover configuration would allow key synchronization.
In PIX 7, I've lost track of the 'ca' commands, so I don't know what can be done.
PIX7 contains the keys and certificates in the config. tftp is enough.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.